Deserialization Vulnerability in opplus Springboot-Admin Software
CVE-2025-3413

5.3MEDIUM

Key Information:

Vendor

Opplus

Status
Springboot-admin
Vendor
CVE Published:
8 April 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-3413?

A vulnerability exists in the SysGeneratorController.java file of the opplus springboot-admin software, allowing for remote attacks through the manipulation of the 'Tables' argument, leading to deserialization issues. This flaw poses a significant risk as it can be exploited by attackers without the need for authentication. Although the vendor was notified of this vulnerability, no response has been received. Given the lack of versioning information for the product, it is essential for users to assess their installations and implement necessary security measures to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

springboot-admin a2d5310f44fd46780a8686456cf2f9001ab8f024

References

https://vuldb.com/?id.303691
vdb-entrytechnical-description
https://vuldb.com/?ctiid.303691
signaturepermissions-required
https://vuldb.com/?submit.545374
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

maple14711 (VulDB User)
JSON
.