CNNVD-202506-2969 Information

CNNVD ID

CNNVD-202506-2969

CVE-2025-6509

  • CNNVD Published: 2025-06-23

Description (Chinese)

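Spring-Analysis is a set of Spring source-code reading notes by the individual developer skywalker. Spring-Analysis contains a code injection vulnerability, which stems from improper handling of the Name parameter in the SimpleController.java file, leading to cross-site scripting.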

Description (English)

Spring-Analysis is a set of Spring source-code reading notes by the individual developer skywalker. Spring-Analysis has a code injection vulnerability, which originates from the mishandling of the Name parameter in the SimpleController.java file.

Hazard Level

Critical

Vulnerability Type

Code injection

Affected Vendor

Live Support

Published

2025-06-23

Last Modified

2026-02-24

References

  • https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md#steps-to-reproduce
  • https://vuldb.com/?ctiid.313621
  • https://vuldb.com/?submit.592962
  • https://vuldb.com/?id.313621
  • https://access.redhat.com/security/cve/cve-2025-6509
