Deserialization Vulnerability in opplus Springboot-Admin Software
CVE-2025-3413

5.3 MEDIUM

Key Information:

Vendor: Opplus
CVE Published: 8 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3413?

A vulnerability exists in the SysGeneratorController.java file of the opplus springboot-admin software. Manipulating the 'Tables' argument leads to deserialization issues, and the attack can be carried out remotely. The flaw poses a significant risk because attackers can exploit it without authentication. The vendor was notified of the vulnerability but has not responded. Because the product has no versioning information, users should assess their own installations and implement the necessary security measures to guard against potential exploits.

Affected Version(s)

springboot-admin a2d5310f44fd46780a8686456cf2f9001ab8f024

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

maple14711 (VulDB User)