CVE-2025-7863 Information

Jul 21, 2025 cve

Description

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be launched remotely. The name of the patch is 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Reference

https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3 https://github.com/thinkgem/jeesite5/issues/30 https://github.com/thinkgem/jeesite5/issues/30#issuecomment-3045861920 https://vuldb.com/?ctiid.316976 https://vuldb.com/?id.316976 https://vuldb.com/?submit.618188 A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be launched remotely. The name of the patch is 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

3.5

CNNVD-202507-2536 (Published: 2025-07-20)

Share on: