Cyber Posture

CVE-2025-70982

Critical · Public PoC

Published: 26 January 2026
Modified: 12 February 2026
KEV Added:
Patch:
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.0th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-70982 is a critical-severity Improper Access Control (CWE-284) vulnerability in Bladex Springblade. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 16.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

- Prevent (AC-3, Access Enforcement): Enforces approved authorizations for access to the importUser function, directly preventing low-privilege attackers from arbitrarily importing sensitive user data due to improper permission checks.
- Prevent (AC-6, Least Privilege): Applies least privilege to restrict low-level privilege accounts from performing unauthorized sensitive user data import operations in SpringBlade.
- Prevent (AC-24, Access Control Decisions): Requires the system to make explicit access control decisions prior to allowing invocation of the importUser function, addressing the lack of proper permission checks.

MITRE ATT&CK Enterprise Techniques [AI]

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Remote exploitation of the public-facing application through the missing authorization check on importUser enables initial access (T1190) and leads to privilege escalation (T1068), with high impact on user data.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data.

Deeper analysis [AI]

CVE-2025-70982 is an incorrect access control vulnerability in the importUser function of SpringBlade version 4.5.0. This flaw, associated with CWE-284, enables unauthorized handling of user data import operations due to improper permission checks. The vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.

An attacker with low-level privileges can exploit this vulnerability remotely without user interaction. By invoking the importUser function, they can arbitrarily import sensitive user data, potentially leading to unauthorized data exposure, modification, or disruption; because the vector records a scope change (S:C), the impact can extend beyond the component in which the attacker initially holds only low-level access.

Advisories and further details are available in the referenced sources, including a GitHub Gist at https://gist.github.com/old6ma/ea60151aa40ddc1cfb51fbaa0c173117, the SpringBlade repository at https://github.com/chillzhuang/SpringBlade, and issue #34 at https://github.com/chillzhuang/SpringBlade/issues/34, which may provide guidance on patches or mitigations.

Details

CWE(s): CWE-284 (Improper Access Control)

Affected Products: bladex springblade 4.5.0

CVEs Like This One

- CVE-2025-70983 (same product: Bladex Springblade)
- CVE-2025-53763 (shared CWE-284)
- CVE-2026-20750 (shared CWE-284)
- CVE-2026-22011 (shared CWE-284)
- CVE-2025-55261 (shared CWE-284)
- CVE-2025-25500 (shared CWE-284)
- CVE-2025-70064 (shared CWE-284)
- CVE-2025-55244 (shared CWE-284)
- CVE-2025-24411 (shared CWE-284)
- CVE-2026-24304 (shared CWE-284)

References