SpringBlade
cpe:2.3:a:springblade_project:springblade:*:*:*:*:*:*:*
- v4.5.0
A vulnerability in SpringBlade version 4.5.0 allows users with low-level privileges to escalate their privileges. The issue arises from improper access control in the authRoutes function, which fails to perform the necessary permission checks. As a result, a low-privileged user may be able to access the permission information of other users without authorization, potentially leading to unauthorized actions or access within the application.
Exploitation of this vulnerability could allow unauthorized users to gain elevated privileges, access restricted resources, or perform actions reserved for higher-level users.
The vulnerability can be reproduced by sending a request to the 'auth-routes' endpoint without the necessary permissions. The absence of authorization checks allows the current user to access permission information of other users, regardless of their actual role or identity.
Users are advised to update to SpringBlade version 4.8.0, which patches this vulnerability by adding the necessary permission checks.