Open Redirect Vulnerability in Thinkgem JeeSite Affects Remote Authentication
CVE-2025-7785

5.3MEDIUM

Key Information:

Vendor

Thinkgem

Status
Jeesite
Vendor
CVE Published:
18 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7785?

A vulnerability has been identified in Thinkgem JeeSite versions up to 5.12.0, specifically in the SsoController.java file's sso function. This flaw allows for open redirection, which can be exploited remotely without the necessity for authentication. Attackers can manipulate the redirect argument to redirect users to malicious sites, potentially compromising sensitive information. Given that this vulnerability is publicly known, it's crucial for users of the affected product to apply the provided patch (commit hash: 3d06b8d009d0267f0255acc87ea19d29d07cedc3) to mitigate risks.

Affected Version(s)

JeeSite 5.0

JeeSite 5.1

JeeSite 5.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7785 - Proof of Concept

References

https://vuldb.com/?id.316846
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316846
signaturepermissions-required
https://vuldb.com/?submit.616104
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI (VulDB User)
.
CVE-2025-7785 : Open Redirect Vulnerability in Thinkgem JeeSite Affects Remote Authentication