Command Injection Vulnerability in Wangzhixuan Spring Shiro Training
CVE-2025-8752

6.9MEDIUM

Key Information:

Vendor

Wangzhixuan

Status
Spring-shiro-training
Vendor
CVE Published:
9 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8752?

A command injection vulnerability exists in Wangzhixuan's Spring Shiro Training, allowing attackers to execute arbitrary commands through the compromised script located at /role/add. This weakness can be exploited remotely, enabling unauthorized users to manipulate the application's behavior. Given the continuous delivery nature of the software, specific version details of the affected releases remain unavailable. Security measures should be taken to mitigate risks and protect sensitive data from potential exploitation.

Affected Version(s)

spring-shiro-training 94812c1fd8f7fe796c931f4984ff1aa0671ab562

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8752 - Proof of Concept

References

https://vuldb.com/?id.319246
vdb-entry
https://vuldb.com/?ctiid.319246
signaturepermissions-required
https://vuldb.com/?submit.623679
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

fushuling (VulDB User)
.
CVE-2025-8752 : Command Injection Vulnerability in Wangzhixuan Spring Shiro Training