CVE-2025-9796

low-risk

Published 2025-09-01

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

NETWORK / LOW complexity

Affected Products (1)

Jeesite

Affected Vendors

Jeesite

References (11)

Patch https://github.com/thinkgem/jeesite5/commit/63773c97a56bdb3649510e83b66c16db4754...

Exploit https://github.com/thinkgem/jeesite5/issues/33

Exploit https://github.com/thinkgem/jeesite5/issues/33#issue-3330107533

Exploit https://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560

Release Notes https://github.com/thinkgem/jeesite5/releases/tag/v5.13.0.springboo3

Permissions Required https://vuldb.com/?ctiid.322111

Third Party Advisory https://vuldb.com/?id.322111

Third Party Advisory https://vuldb.com/?submit.641125

Exploit https://github.com/thinkgem/jeesite5/issues/33

Exploit https://github.com/thinkgem/jeesite5/issues/33#issue-3330107533

Exploit https://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal