CVE-2025-8963

Medium CVSS: 5.3

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated".

Vendor

Jeecg

Product

Jimureport

CWE

CWE-20

Yayın Tarihi

2025-08-14 13:15:38

Güncelleme

2025-10-17 17:55:36

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-20 Jimureport MEDIUM Jeecg 2025

Referanslar

https://github.com/jeecgboot/jimureport/issues/4010 https://github.com/jeecgboot/jimureport/issues/4010#issuecomment-3182053855 https://vuldb.com/?ctiid.319958 https://vuldb.com/?id.319958 https://vuldb.com/?submit.628028

Benzer Kayıtlar

Critical

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows a…

Critical

CVE-2024-43028

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to exe…

Medium

CVE-2026-2945

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the fil…

Medium

CVE-2026-2822

A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the…

Low

CVE-2026-2555

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the…

Medium

CVE-2026-2111

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the fil…