CNNVD-202510-3503 Information

CNNVD ID

CNNVD-202510-3503

Related CVE

CVE-2025-12305

• CNNVD Published: 2025-10-27

Description (Chinese)

shiyi-blog是bule个人开发者的一款vue+springboot前后端分离的博客系统。 shiyi-blog 1.2.1及之前版本存在代码问题漏洞，该漏洞源于文件src/main/java/com/mojian/controller/SysJobController.java中Job Handler组件存在反序列化问题，可能被远程利用。

Description (English)

#shiyi-blog is a back-to-back, back-to-back, and back-to-back-to-back blog system of the bulle personal developer. Shiyi-blog 1.2.1 and previous versions had a code problem loophole, which originated in document src/main/java/com/mojian/controller/SysJobController.java ’ s Job Handler component was inverse sequence and could be used remotely.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/dongodid/cve-sub/blob/main/shiyi-blog/RCE.md https://vuldb.com/?submit.676730 https://vuldb.com/?ctiid.329977 https://vuldb.com/?submit.676725 https://vuldb.com/?id.329977 https://access.redhat.com/security/cve/cve-2025-12305