How severe is CVE-2025-2323?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-2323?

This is classified as CWE-840, which is a common weakness in software security.

CVE-2025-2323 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enforcement of behavioral workflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2018-25104

MEDIUM

CVSS:4.3(Medium)

A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/fr...

CWE-8402018

CVE-2020-8181

MEDIUM

CVSS:4.3(Medium)

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.

CWE-8402020

CVE-2021-4146

MEDIUM

CVSS:4.3(Medium)

Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.

CWE-8402021

CVE-2022-0746

MEDIUM

CVSS:4.3(Medium)

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

CWE-8402022

CVE-2023-29294

MEDIUM

CVSS:4.3(Medium)

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A l...

CWE-8402023

CVE-2024-1682

MEDIUM

CVSS:4.3(Medium)

An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucke...

CWE-8402024