CNNVD-202510-1153 Information

CNNVD ID

CNNVD-202510-1153

Related CVE

CVE-2025-60828

• CNNVD Published: 2025-10-08

Description (Chinese)

WukongCRM是中国悟空（Wukong）公司的一个客户关系管理 (CRM) 系统。 WukongCRM 9.0-JAVA版本存在安全漏洞，该漏洞源于/OaExamine/setOaExamine接口存在fastjson反序列化问题，可能导致任意代码执行。

Description (English)

WukongCRM is a customer relationship management (CRM) system of Wukong, China. The WukongCRM 9.0-JAVA version contains a security loophole, which stems from the problem of the fastjson backsequencing of the /OaExamine/setOaExamine interface, which may lead to arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

悟空

Published

2025-10-08

Last Modified

2026-02-24

References

https://gist.github.com/ChangeYourWay/424478421d6a78d1f87d324cddcbfd59 https://github.com/ChangeYourWay/post/blob/main/WukongCRM-9.0-JAVA.md https://access.redhat.com/security/cve/cve-2025-60828