4 matches found
CVE-2025-8526
CVE-2025-8526 : Exrick xboot up to 3.3.4 contains a vulnerability in the UploadController.java Upload function. The parameter File can be manipulated to achieve unrestricted file upload. The issue is exploitable remotely and the exploit has been disclosed publicly. Affected software: Exrick xboot...
CVE-2025-8527
CVE-2025-8527 affects Exrick xboot up to version 3.3.4, involving the Swagger component. The root cause is server-side request forgery triggered by manipulation of the loginUrl parameter in SecurityController.java (xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/). This Vu...
CVE-2025-8525
CVE-2025-8525 affects Exrick xboot up to 3.3.4, with a root cause tied to an information disclosure in the area of Spring Boot Admin/Spring Actuator . The vulnerability can be triggered remotely and the exploit has been publicly disclosed. Multiple connected sources corroborate the same impact an...
CVE-2025-8528
CVE-2025-8528 affects Exrick xboot up to 3.3.4. An issue in the function at /xboot/permission/getMenuList allows manipulation that stores sensitive information in cleartext in a cookie. The vulnerability can be exploited remotely with high attack complexity and no user interaction. Confidentialit...