CNNVD-202509-3902 Information

CNNVD ID

CNNVD-202509-3902

CVE-2025-56769

  • CNNVD Published: 2025-09-25

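Description (Chinese, translated)

Hutool is a small but comprehensive Java utility library from China's Dromara community. Hutool versions before 5.8.4 contain a security vulnerability that stems from the QLExpressEngine class allowing arbitrary expressions to be executed, which may lead to remote code execution.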

Description (English)

Hutool is a small but complete Java utility library from the Dromara community in China. Versions of Hutool before 5.8.4 contain a security vulnerability that originates in the QLExpressEngine class, which allows arbitrary expressions to be executed and could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

dromara

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/chinabugotech/hutool/issues/3994

Patch

https://github.com/chinabugotech/hutool/releases
