CVE-2025-7863

low-risk
Published 2025-07-20

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be launched remotely. The name of the patch is 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Jeesite

Affected Vendors

Jeesite

References (8)

Patch https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07c...
Exploit https://github.com/thinkgem/jeesite5/issues/30
Issue Tracking https://github.com/thinkgem/jeesite5/issues/30#issuecomment-3045861920
Permissions Required https://vuldb.com/?ctiid.316976
Third Party Advisory https://vuldb.com/?id.316976
Third Party Advisory https://vuldb.com/?submit.618188
Exploit https://github.com/thinkgem/jeesite5/issues/30
Issue Tracking https://github.com/thinkgem/jeesite5/issues/30#issuecomment-3045861920
21
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal