CVE-2025-7763

Summary

A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site Controller. The manipulation of the argument redirect leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

Affected Software

VendorProductVersion RangeStatus
thinkgemJeeSite5.0affected
thinkgemJeeSite5.1affected
thinkgemJeeSite5.2affected
thinkgemJeeSite5.3affected
thinkgemJeeSite5.4affected
thinkgemJeeSite5.5affected
thinkgemJeeSite5.6affected
thinkgemJeeSite5.7affected
thinkgemJeeSite5.8affected
thinkgemJeeSite5.9affected
thinkgemJeeSite5.10affected
thinkgemJeeSite5.11affected
thinkgemJeeSite5.12.0affected

Weaknesses

  • CWE-601: Open Redirect

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References