CVE-2025-8527

Summary

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation of the argument loginUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
Exrickxboot3.3.0affected
Exrickxboot3.3.1affected
Exrickxboot3.3.2affected
Exrickxboot3.3.3affected
Exrickxboot3.3.4affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References