CNNVD-202506-3048 Information

CNNVD ID

CNNVD-202506-3048

CVE-2025-6552

  • CNNVD Published: 2025-06-24

Description (Chinese)

Hope-Boot是java-aodeng个人开发者的一款现代化的脚手架项目。 Hope-Boot 1.0.0版本存在输入验证错误漏洞,该漏洞源于WebController.java中doLogin函数对参数redirect_url处理不当,可能导致开放重定向。

Description (English)

Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. Hope-Boot 1.0.0 contains an input validation error vulnerability, which stems from improper handling of the redirect_url parameter by the doLogin function in WebController.java and may lead to an open redirect.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

Live Support

Published

2025-06-24

Last Modified

2026-02-24

References

https://vuldb.com/?id.313692
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250613-02.md
https://vuldb.com/?ctiid.313692
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250613-02.md#steps-to-reproduce
https://vuldb.com/?submit.596681
https://access.redhat.com/security/cve/cve-2025-6552
