CVE-2025-3790 in JSite
Summary
by MITRE • 04/18/2025
A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
If you want the best quality vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 10/16/2025
This critical vulnerability in baseweb JSite 1.0 affects the Apache Druid Monitoring Console component through the /druid/index.html file, representing a significant security flaw that allows unauthorized access to sensitive monitoring interfaces. The vulnerability stems from improper access controls that fail to properly authenticate and authorize users attempting to access the Druid console. This flaw exists within the web application's authentication mechanism, potentially allowing attackers to bypass security restrictions and gain access to monitoring data and administrative functions. The issue is particularly concerning as it affects a monitoring console that typically contains sensitive operational data about database performance, query execution, and system health metrics that could be exploited for further attacks or data exfiltration.
The technical implementation of this vulnerability demonstrates a failure in access control validation where the application does not properly verify user credentials or roles before granting access to restricted functionality within the Druid console. This represents a classic access control weakness that aligns with CWE-285, which focuses on improper authorization in web applications. Attackers can exploit this remotely without requiring local system access or prior authentication, making the vulnerability particularly dangerous as it can be leveraged from any network location. The public disclosure of the exploit means that threat actors can readily implement this attack vector against vulnerable systems without requiring advanced technical skills or custom development.
The operational impact of this vulnerability extends beyond simple unauthorized access to include potential data breaches, system compromise, and exposure of sensitive infrastructure information. Organizations using Apache Druid monitoring consoles may experience unauthorized access to query logs, database connection details, and system performance metrics that could reveal attack surface information. The vulnerability affects the monitoring console's integrity and confidentiality, potentially allowing attackers to manipulate or extract sensitive data from the Druid system. This could lead to cascading security issues where compromised monitoring systems provide attackers with insights into other parts of the infrastructure that may be protected by different security controls.
Organizations should immediately implement network segmentation to isolate Druid monitoring consoles from untrusted networks and apply the latest security patches from Apache Druid maintainers. Access controls should be strengthened through multi-factor authentication implementation and role-based access control enforcement. Regular security audits should be conducted to identify and remediate similar access control vulnerabilities across the application stack. The ATT&CK framework categorizes this vulnerability under privilege escalation and credential access techniques, where attackers can leverage initial access through the monitoring console to move laterally within the network. System administrators should also consider implementing web application firewalls to detect and block exploitation attempts targeting the vulnerable endpoint, while monitoring for anomalous access patterns that may indicate successful exploitation of this vulnerability.
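The recommendation above to monitor for anomalous access to the vulnerable endpoint can be turned into a simple log-review rule. The following Python script is an added example, not code from VulDB, MITRE or the JSite project: it parses web-server access logs in the common "combined" format and flags requests under the `/druid/` console prefix that were served (2xx) to a client with no authenticated identity recorded, or that came from outside an assumed internal administrative network. The `10.0.0.0/8` allowlist, the `/login` path and all log lines are constructed assumptions for the demonstration; only the `/druid/index.html` path comes from the advisory.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample lines in the Apache/nginx "combined" log format (not real traffic).
# Source IPs are documentation ranges; paths other than /druid/index.html are made up.
SAMPLE_LOG = """\
10.0.0.5 - admin [18/Apr/2025:10:01:12 +0000] "GET /druid/index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.77 - - [18/Apr/2025:10:02:30 +0000] "GET /druid/index.html HTTP/1.1" 200 5123 "-" "python-requests/2.31"
203.0.113.77 - - [18/Apr/2025:10:02:31 +0000] "GET /druid/index.html?x=1 HTTP/1.1" 200 5123 "-" "python-requests/2.31"
198.51.100.9 - - [18/Apr/2025:10:03:02 +0000] "GET /druid/index.html HTTP/1.1" 403 512 "-" "curl/8.0"
10.0.0.9 - - [18/Apr/2025:10:04:00 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [18/Apr/2025:10:04:30 +0000] "GET /druid/index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

# Assumption: the monitoring console lives under this prefix (the advisory names /druid/index.html).
CONSOLE_PREFIX = "/druid/"
# Assumption: only clients from this internal range should ever reach the console.
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    ip: str
    path: str
    status: int
    user: str
    reason: str


def parse_line(line):
    """Return a dict of fields for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    fields["path"] = fields["path"].split("?", 1)[0]  # drop the query string
    return fields


def is_allowlisted(ip, allowlist):
    """True if the source address falls inside any allowlisted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in allowlist)


def analyze(log_text, prefix=CONSOLE_PREFIX, allowlist=ADMIN_NETWORKS):
    """Flag console requests that indicate missing or bypassed access control."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(prefix):
            continue
        served = 200 <= rec["status"] < 300
        anonymous = rec["user"] == "-"
        internal = is_allowlisted(rec["ip"], allowlist)
        if served and anonymous and not internal:
            reason = "critical: console served to unauthenticated external client"
        elif served and anonymous:
            reason = "high: console served without authenticated identity"
        elif served and not internal:
            reason = "medium: authenticated console access from outside allowlist"
        elif not served and not internal:
            reason = "info: console request from external client was denied"
        else:
            continue  # internal, authenticated or denied: expected behaviour
        findings.append(Finding(rec["ip"], rec["path"], rec["status"], rec["user"], reason))
    return findings


def count_by_source(findings):
    """Summarise findings per source address, useful for spotting repeated probing."""
    counts = {}
    for f in findings:
        counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ip:15} {f.status} {f.path:20} user={f.user:6} {f.reason}")
    print(count_by_source(analyze(SAMPLE_LOG)))
```

The "high" rule is the one that matters for this CVE: a 200 response for the console with no authenticated user recorded is exactly what a missing authorization check looks like from the server side, regardless of where the client sits. In production the allowlist would come from the environment's actual management network, and the script would read the real access log rather than the embedded sample.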