Cyber Resilience

CVE-2024-13111

Severity: Medium · Public PoC

Published: 02 January 2025
Modified: 25 August 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v4.0): 6.3 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0024 (47.6th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-13111 is a medium-severity Improper Authentication (CWE-287) vulnerability in Kaoshifeng Yunfan Learning Examination System. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 47.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).

Deeper analysis

CVE-2024-13111 is an improper authentication vulnerability (CWE-287) affecting Beijing Yunfan Internet Technology Yunfan Learning Examination System version 1.9.2; the VulDB entry classifies it as critical. The issue resides in an unspecified function of the JWT Token Handler component, in the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl. It has a CVSS v3.1 base score of 5.6 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L), which is medium severity despite the critical classification, and was published on 2025-01-02.

The vulnerability can be exploited remotely without privileges or user interaction; the manipulation leads to improper authentication. Attack complexity is high and exploitation is considered difficult, but a successful attack has low impact on confidentiality, integrity, and availability.

Advisories and details are available via VulDB entries (ctiid.289927, id.289927, submit.467701) and GitHub issues in the qiutiandefeng/yfexam-exam repository (issues/6 and issue comment #2754680012), where the exploit has been publicly disclosed and may be used. No specific patch or mitigation details are outlined in the primary sources.

Vulnerability details

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

CWE(s): CWE-287 (Improper Authentication)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

An improper authentication flaw in the JWT handler of a public-facing web application directly enables remote exploitation for unauthorized access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2024-13110: same product (Kaoshifeng Yunfan Learning Examination System)
- CVE-2025-71279: shared CWE-287
- CVE-2024-13804: shared CWE-287
- CVE-2024-57046: shared CWE-287
- CVE-2026-1203: shared CWE-287
- CVE-2026-1740: shared CWE-287
- CVE-2025-43995: shared CWE-287
- CVE-2026-7876: shared CWE-287
- CVE-2025-0637: shared CWE-287
- CVE-2025-61882: shared CWE-287

Affected Assets

- Vendor: kaoshifeng
- Product: yunfan learning examination system
- Version: 1.9.2

Mitigating Controls (NIST 800-53 r5; AI-generated mapping)

- Flaw remediation control (prevent; control identifier not given on this page): directly requires identification, reporting, and timely remediation of software flaws such as the improper authentication vulnerability in the JWT Token Handler.
- IA-5 Authenticator Management (prevent): mandates proper management, verification, and strength requirements for authenticators such as JWT tokens, to prevent exploitation of improper authentication.
- SC-23 Session Authenticity (prevent): enforces cryptographic protection, binding, and authenticity verification for session identifiers such as JWT tokens against remote manipulation.
