Home

Description

EN DE

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be launched remotely. The name of the patch is 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

Eine Schwachstelle wurde in thinkgem JeeSite bis 5.12.0 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion redirectUrl der Datei src/main/java/com/jeesite/common/web/http/ServletUtils.java. Dank der Manipulation des Arguments url mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Patch wird als 3d06b8d009d0267f0255acc87ea19d29d07cedc3 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

PUBLISHED Reserved 2025-07-19 | Published 2025-07-20 | Updated 2025-07-22 | Assigner VulDB




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C
LOW: 3.5CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C
4.0AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:OF/RC:C

Problem types

Open Redirect

Product status

5.0
affected

5.1
affected

5.2
affected

5.3
affected

5.4
affected

5.5
affected

5.6
affected

5.7
affected

5.8
affected

5.9
affected

5.10
affected

5.11
affected

5.12.0
affected

Timeline

2025-07-19:Advisory disclosed
2025-07-19:VulDB entry created
2025-07-19:VulDB entry last update

Credits

ZAST.AI (VulDB User) reporter

References

github.com/thinkgem/jeesite5/issues/30 exploit

github.com/thinkgem/jeesite5/issues/30 exploit

vuldb.com/?id.316976 (VDB-316976 | thinkgem JeeSite ServletUtils.java redirectUrl) vdb-entry technical-description

vuldb.com/?ctiid.316976 (VDB-316976 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.618188 (Submit #618188 | JeeSite https://github.com/thinkgem/jeesite5 <=5.12.0 Open Redirect) third-party-advisory

github.com/thinkgem/jeesite5/issues/30 issue-tracking

github.com/thinkgem/jeesite5/issues/30 issue-tracking

github.com/...ommit/3d06b8d009d0267f0255acc87ea19d29d07cedc3 patch

cve.org (CVE-2025-7863)

nvd.nist.gov (CVE-2025-7863)

Download JSON