CVE-2025-4839

Summary

A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
itwangerpaicoding1.0.0affected
itwangerpaicoding1.0.1affected
itwangerpaicoding1.0.2affected
itwangerpaicoding1.0.3affected

Weaknesses

  • CWE-942: Permissive Cross-domain Policy with Untrusted Domains
  • CWE-346: Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References