CVE-2025-8963

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated".

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/jeecgboot/jimureport/issues/4010	Exploit Issue Tracking Third Party Advisory
https://github.com/jeecgboot/jimureport/issues/4010#issuecomment-3182053855	Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.319958	Permissions Required VDB Entry
https://vuldb.com/?id.319958	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628028	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:jeecg:jimureport:*:*:*:*:*:*:*:*

History

17 Oct 2025, 17:55

Type	Values Removed	Values Added
Summary		(es) Se detectó una vulnerabilidad en jeecgboot JimuReport hasta la versión 2.1.1. Este problema afecta a una funcionalidad desconocida del archivo /drag/onlDragDataSource/testConnection del componente Data Large Screen Template. La manipulación provoca la deserialización. El ataque puede ejecutarse en remoto. La respuesta del proveedor al informe de problemas en GitHub es: "Modificado, próxima versión actualizada".
First Time		Jeecg jimureport Jeecg
CPE		cpe:2.3:a:jeecg:jimureport::::::::
References	~~() https://github.com/jeecgboot/jimureport/issues/4010 -~~	() https://github.com/jeecgboot/jimureport/issues/4010 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://github.com/jeecgboot/jimureport/issues/4010#issuecomment-3182053855 -~~	() https://github.com/jeecgboot/jimureport/issues/4010#issuecomment-3182053855 - Issue Tracking, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.319958 -~~	() https://vuldb.com/?ctiid.319958 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.319958 -~~	() https://vuldb.com/?id.319958 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.628028 -~~	() https://vuldb.com/?submit.628028 - Third Party Advisory, VDB Entry

14 Aug 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 13:15

Updated : 2025-10-17 17:55

NVD link : CVE-2025-8963

Mitre link : CVE-2025-8963

CVE.ORG link : CVE-2025-8963

JSON object : View

Products Affected

jeecg

jimureport

CWE

CWE-20

Improper Input Validation

CWE-502

Deserialization of Untrusted Data

6.3 /10