We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-8708

Antabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserialization



Description

EN DE

A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

In Antabot White-Jotter 0.22 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion CookieRememberMeManager der Datei ShiroConfiguration.java der Komponente com.gm.wj.config.ShiroConfiguration. Mittels Manipulieren mit der Eingabe EVANNIGHTLY_WAOU mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-08-07 | Published 2025-08-08 | Updated 2025-08-08 | Assigner VulDB


LOW: 2.3CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.0CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 5.0CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4.6AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Deserialization

Improper Input Validation

Product status

0.22
affected

Timeline

2025-08-07:Advisory disclosed
2025-08-07:VulDB entry created
2025-08-07:VulDB entry last update

Credits

ez-lbz (VulDB User) reporter

References

vuldb.com/?id.319138 (VDB-319138 | Antabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserialization) vdb-entry technical-description

vuldb.com/?ctiid.319138 (VDB-319138 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.621105 (Submit #621105 | Antabot White-Jotter v0.22 deserialization attack) third-party-advisory

github.com/Antabot/White-Jotter/issues/161 issue-tracking

github.com/Antabot/White-Jotter/issues/161 exploit issue-tracking

cve.org (CVE-2025-8708)

nvd.nist.gov (CVE-2025-8708)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-8708

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.