CNNVD-202512-5474 Information
Dec 30, 2025
cve
CNNVD ID
CNNVD-202512-5474
Related CVE
- CNNVD Published: 2025-12-30
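Description (translated from Chinese)
Sa-Token is a lightweight Java authorization and authentication framework open-sourced by dromara. Sa-Token 1.44.0 and earlier versions contain a code issue vulnerability, which stems from improper handling of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java and may lead to a deserialization attack.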
Description (English)
Sa-Token is a lightweight open-source Java authorization and authentication framework from dromara. Sa-Token 1.44.0 and earlier versions contain a code issue vulnerability that stems from improper handling of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java, which may result in a deserialization attack.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
dromara
Published
2025-12-30
Last Modified
2026-02-24
References
https://github.com/Yohane-Mashiro/satoken-deserialization
https://vuldb.com/?ctiid.338607
https://vuldb.com/?id.338607
https://vuldb.com/?submit.717703