CVE-2025-6552
java-aodeng Hope-Boot Login WebController.java doLogin redirect
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
java-aodeng Hope-Boot Login WebController.java doLogin redirect
A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect_url leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Es wurde eine problematische Schwachstelle in java-aodeng Hope-Boot 1.0.0 ausgemacht. Es geht dabei um die Funktion doLogin der Datei /src/main/java/com/hope/controller/WebController.java der Komponente Login. Mittels dem Manipulieren des Arguments redirect_url mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-23: | Advisory disclosed |
| 2025-06-23: | VulDB entry created |
| 2025-06-23: | VulDB entry last update |
ShenxiuSecurity (VulDB User)
vuldb.com/?id.313692 (VDB-313692 | java-aodeng Hope-Boot Login WebController.java doLogin redirect)
vuldb.com/?ctiid.313692 (VDB-313692 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.596681 (Submit #596681 | java-aodeng hope-boot 1.0.0-release Open Redirect)
github.com/...xiuSec/cve-proofs/blob/main/POC-20250613-02.md
github.com/...xiuSec/cve-proofs/blob/main/POC-20250613-02.md
Support options
