CVE-2025-8963

Published: Aug 14, 2025Modified: Oct 17, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated".

Affected (1)

Products: Jeecg: Jimureport

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jeecg Jimureport	Up to 2.1.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (5)

https://github.com/jeecgboot/jimureport/issues/4010

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://github.com/jeecgboot/jimureport/issues/4010#issuecomment-3182053855

Source: cna@vuldb.com

Issue TrackingThird Party Advisory

https://vuldb.com/?ctiid.319958

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.319958

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.628028

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.