Multiple vulnerabilities in EJBCA
Posted date 31/03/2025
Identifier
INCIBE-2025-0166
Importance
3 - Medium
Affected Resources
EJBCA, 8.0 version.
Description
INCIBE has coordinated the publication of 2 medium severity vulnerabilities affecting EJBCA, a public key infrastructure software, which have been discovered by Julen Garrido Estévez.
Each vulnerability has been assigned the following identifier, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
- CVE-2025-3026: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | CWE-74
- CVE-2025-3027: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N | CWE-601
Solution
The vulnerabilities have been fixed by the EJBCA team in version 9.1.
The vendor also recommends that, if you are running a reverse proxy, you disable caching for the URL paths /ejbca/ra/ and /ejbca/adminweb/.
Detail
- CVE-2025-3026: the vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker who succeeded in exploiting the flaw could substitute a server of their own as the destination of the client's HTTP requests.
- CVE-2025-3027: the vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks.
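As an added example, not taken from the advisory or from EJBCA's own code, the following Python helpers let an operator verify on their own deployment the two points the advisory turns on: that links generated in a response point only at the canonical host (the symptom behind CVE-2025-3026), and that requests under /ejbca/ra/ and /ejbca/adminweb/ are kept out of a reverse proxy cache. ALLOWED_HOSTS and SAMPLE_RESPONSE are constructed assumptions.

```python
"""Defender-side checks for Host header reflection in generated links.
Added example, not from the INCIBE advisory or EJBCA; ALLOWED_HOSTS and
SAMPLE_RESPONSE are constructed assumptions."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Canonical hostnames for this deployment (constructed assumption).
ALLOWED_HOSTS = {"pki.example.org", "pki.example.org:8443"}
# Paths the vendor says a reverse proxy must not cache.
NO_CACHE_PATHS = ("/ejbca/ra/", "/ejbca/adminweb/")
# Constructed response body: one generated link points at a foreign host.
SAMPLE_RESPONSE = (
    '<a href="https://pki.example.org/ejbca/ra/">ok</a>'
    '<form action="https://foreign.example/ejbca/ra/enroll"></form>'
    '<a href="/ejbca/ra/">relative</a>'
)

def host_header_allowed(host_header, allowed=ALLOWED_HOSTS):
    """True if the Host header is on the allowlist (case-insensitive).
    A reverse proxy should reject or rewrite requests that fail this,
    so a reflected Host value never reaches the cache."""
    return bool(host_header) and host_header.strip().lower() in allowed

class _LinkCollector(HTMLParser):
    """Collects every href/src/action URL from an HTML document."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action", "formaction") and value:
                self.urls.append(value)

def foreign_link_hosts(html, allowed=ALLOWED_HOSTS):
    """Hosts of absolute links that are not on the allowlist. A non-empty
    result for a page fetched under the canonical Host means generated
    links reflect a different base URL, the symptom of CVE-2025-3026."""
    parser = _LinkCollector()
    parser.feed(html)
    hosts = {urlsplit(u).netloc.lower() for u in parser.urls}
    return {h for h in hosts if h and h not in allowed}

def must_bypass_cache(path, paths=NO_CACHE_PATHS):
    """True if the request path is under a prefix the vendor says not to cache."""
    return any(path.startswith(p) for p in paths)
```

Run foreign_link_hosts over responses fetched with the canonical Host after patching or proxy changes; any returned host indicates a base URL still being reflected.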