CNNVD-202512-4900 Information

CNNVD ID

CNNVD-202512-4900

CVE-2025-15117

  • CNNVD Published: 2025-12-28

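Description (translated from Chinese)

Sa-Token is a lightweight Java permission authentication framework open-sourced by dromara. Sa-Token 1.44.0 and earlier versions contain a code issue vulnerability. It stems from improper handling of the function ObjectInputStream.readObject in the file SaJdkSerializer.java and may lead to deserialization attacks.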

Description (English)

Sa-Token is a lightweight Java permission authentication framework, open-sourced by dromara. Versions 1.44.0 and earlier have a code issue vulnerability caused by incorrect use of ObjectInputStream.readObject in SaJdkSerializer.java, which can allow deserialization attacks.

Hazard Level

Critical

Vulnerability Type

Code issue

Affected Vendor

dromara

Published

2025-12-28

Last Modified

2026-02-24

References

  • https://vuldb.com/?ctiid.338495
  • https://github.com/Yohane-Mashiro/Sa-Token-cve
  • https://vuldb.com/?id.338495
  • https://vuldb.com/?submit.711750
  • https://access.redhat.com/security/cve/cve-2025-15117
