CVE-2025-7785

Summary

A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

Affected Software

VendorProductVersion RangeStatus
thinkgemJeeSite5.0affected
thinkgemJeeSite5.1affected
thinkgemJeeSite5.2affected
thinkgemJeeSite5.3affected
thinkgemJeeSite5.4affected
thinkgemJeeSite5.5affected
thinkgemJeeSite5.6affected
thinkgemJeeSite5.7affected
thinkgemJeeSite5.8affected
thinkgemJeeSite5.9affected
thinkgemJeeSite5.10affected
thinkgemJeeSite5.11affected
thinkgemJeeSite5.12.0affected

Weaknesses

  • CWE-601: Open Redirect

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References