## https://sploitus.com/exploit?id=AE9FCDBD-6379-57DD-850F-E2D50A316E21
# CVE-2025-55462
---
## Vulnerability Summary
A **CORS misconfiguration** was identified in **Eramba Community and Enterprise Editions v3.26.0**, where the application reflects attacker-controlled `Origin` headers in the `Access-Control-Allow-Origin` response while also setting `Access-Control-Allow-Credentials: true`.
This behavior violates the **Same-Origin Policy** and allows **authenticated cross-origin requests** from malicious websites. If a victim is logged into an affected Eramba instance and visits an attacker-controlled page, the attacker’s JavaScript can read sensitive API responses.
---
## Affected Components
- CORS middleware / Origin validation logic
- System API endpoints:
- `/system-api/login`
- `/system-api/user/me`
- `/system-api/account`
---
## Impact
- Information Disclosure
- Session Hijacking
- Unauthorized access to sensitive user data
Exposed data may include:
- User ID
- Name and email
- Access groups / roles
- Account-related information
---
## Attack Vector
An attacker hosts a malicious webpage that issues credentialed cross-origin requests (`withCredentials: true`) to a vulnerable Eramba instance. Due to improper CORS validation, the browser allows the response to be read by the attacker’s JavaScript when the victim is authenticated.
---
## Affected Versions
### Vulnerable
- Eramba Community Edition v3.26.0
- Eramba Enterprise Edition v3.26.0
### Not Affected
- Eramba v3.23.3 and earlier
---
## Fixed Version
- **Eramba v3.28.0**
The vendor confirmed the issue was resolved by strengthening CORS configuration and origin validation.
---
## Acknowledgement
Discovered and responsibly disclosed by:
**Sibi K**
**Security Researcher**