Primary

Context

Erxes Incorrect Access Control Vulnerability Allowing Authentication Bypass

Vulnerability

Patched

A vulnerability in Erxes versions prior to 1.6.1 allows for incorrect access control, where an attacker can bypass authentication by sending a 'User' HTTP header with any user identity. This manipulation enables the attacker to interact with any GraphQL endpoint as the specified user.

Impact

Exploitation of this vulnerability allows any user to impersonate an admin on an Erxes instance, granting access to all application data and the ability to create additional admin accounts for persistent access.

Reproduction

To reproduce this vulnerability, send a request to an Erxes server with a 'User' HTTP header encoded in Base64, representing a user identity. The server will trust this header and grant access as the specified user, bypassing normal authentication processes.

Remediation

Users of Erxes should update to version 1.6.3, which addresses this authentication bypass vulnerability.

Added: Jun 10, 2025, 6:36 PM

Updated: Jun 10, 2025, 8:38 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.0

exploitability

8.6

remediation

7.7

relevance

0.2

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.0

exploitability

8.6

remediation

7.7

relevance

0.2

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Erxes Incorrect Access Control Vulnerability Allowing Authentication Bypass

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Erxes

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating