Incorrect Authorization The advisory has been revoked - it doesn't affect any version of package generator-jhipster  (opens in a new tab)


Threat Intelligence

Social Trends
Exploit Maturity
Proof of Concept
EPSS
0.24% (16th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Incorrect Authorization vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JS-GENERATORJHIPSTER-11023283
  • published27 Jul 2025
  • disclosed25 Jul 2025
  • creditHritik Godara

Introduced: 25 Jul 2025

CVE-2025-43712  (opens in a new tab)
CWE-863  (opens in a new tab)

Amendment

This was deemed not a vulnerability.

Overview

generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices.

Affected versions of this package are vulnerable to Incorrect Authorization via the authorities parameter in the response from the api/account endpoint. An attacker can gain elevated privileges by modifying the value of the authorities parameter for ROLE_USER to ROLE_ADMIN.

Note: This advisory has been revoked because the vendor claims that there is no privilege escalation in the context of the JHipster backend (the report only demonstrates that, after using JHipster to generate an application, one can make a non-functional admin screen visible in the front end of that application).