CVE-2025-56769 | THREATINT

Description

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-25 | Updated 2025-09-26 | Assigner mitre

References

github.com/chinabugotech/hutool/issues/3994

cve.org (CVE-2025-56769)

nvd.nist.gov (CVE-2025-56769)

Download JSON