Lucene search
K
ExrickXboot

4 matches found

CVE
CVE
added 2025/08/04 9:2 p.m.28 views

CVE-2025-8526

CVE-2025-8526 : Exrick xboot up to 3.3.4 contains a vulnerability in the UploadController.java Upload function. The parameter File can be manipulated to achieve unrestricted file upload. The issue is exploitable remotely and the exploit has been disclosed publicly. Affected software: Exrick xboot...

9.8CVSS6.4AI score0.00322EPSS
CVE
CVE
added 2025/08/04 9:32 p.m.28 views

CVE-2025-8527

CVE-2025-8527 affects Exrick xboot up to version 3.3.4, involving the Swagger component. The root cause is server-side request forgery triggered by manipulation of the loginUrl parameter in SecurityController.java (xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/). This Vu...

8.8CVSS6.5AI score0.00308EPSS
CVE
CVE
added 2025/08/04 8:32 p.m.25 views

CVE-2025-8525

CVE-2025-8525 affects Exrick xboot up to 3.3.4, with a root cause tied to an information disclosure in the area of Spring Boot Admin/Spring Actuator . The vulnerability can be triggered remotely and the exploit has been publicly disclosed. Multiple connected sources corroborate the same impact an...

6.9CVSS5.2AI score0.00433EPSS
CVE
CVE
added 2025/08/04 10:2 p.m.23 views

CVE-2025-8528

CVE-2025-8528 affects Exrick xboot up to 3.3.4. An issue in the function at /xboot/permission/getMenuList allows manipulation that stores sensitive information in cleartext in a cookie. The vulnerability can be exploited remotely with high attack complexity and no user interaction. Confidentialit...

6.3CVSS6.7AI score0.00297EPSS