CVE-2025-7763 - Vulnerability Details

A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site Controller. The manipulation of the argument redirect leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3
https://github.com/thinkgem/jeesite5/issues/28
https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239
https://vuldb.com/?ctiid.316758
https://vuldb.com/?id.316758
https://vuldb.com/?submit.616103

History

Fri, 18 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 18 Jul 2025 07:30:00 +0000

Type	Values Removed	Values Added
References	https://github.com/thinkgem/jeesite5/issues/29 https://vuldb.com/?submit.616104

Fri, 18 Jul 2025 07:15:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is an unknown function of the component Site Controller/SSO. The manipulation leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue. Multiple endpoints are affected.	A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site Controller. The manipulation of the argument redirect leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.
Title	thinkgem JeeSite Site Controller/SSO redirect	thinkgem JeeSite Site Controller SiteController.java select redirect

Thu, 17 Jul 2025 22:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is an unknown function of the component Site Controller/SSO. The manipulation leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue. Multiple endpoints are affected.
Title		thinkgem JeeSite Site Controller/SSO redirect
Weaknesses		CWE-601
References		https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3 https://github.com/thinkgem/jeesite5/issues/28 https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239 https://github.com/thinkgem/jeesite5/issues/29 https://vuldb.com/?ctiid.316758 https://vuldb.com/?id.316758 https://vuldb.com/?submit.616103 https://vuldb.com/?submit.616104
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-07-17T22:14:07.803Z

Updated: 2025-07-18T13:58:45.231Z

Reserved: 2025-07-17T14:35:30.328Z

Link: CVE-2025-7763

Vulnrichment

Updated: 2025-07-18T13:58:06.033Z

NVD

Status : Awaiting Analysis

Published: 2025-07-17T23:15:23.217

Modified: 2025-07-22T13:06:27.983

Link: CVE-2025-7763

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object