ByteOS Network

Vulnerability Details :

CVE-2025-7763

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-17 Jul, 2025 | 22:14

Updated At-18 Jul, 2025 | 13:58

thinkgem JeeSite Site Controller SiteController.java select redirect

A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site Controller. The manipulation of the argument redirect leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:17 Jul, 2025 | 22:14

Updated At:18 Jul, 2025 | 13:58

▼CVE Numbering Authority (CNA)

thinkgem JeeSite Site Controller SiteController.java select redirect

Affected Products

Vendor

thinkgem

Product

JeeSite

Modules

Site Controller

Versions

Affected

5.0
5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8
5.9
5.10
5.11
5.12.0

Problem Types

Type	CWE ID	Description
CWE	CWE-601	Open Redirect

Type: CWE

CWE ID: CWE-601

Description: Open Redirect

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
2.0	5.0	N/A	AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Version: 2.0

Base score: 5.0

Base severity: N/A

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C

Credits

reporter

ZAST.AI (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-07-17 00:00:00
VulDB entry created	2025-07-17 02:00:00
VulDB entry last update	2025-07-18 09:11:17

Event: Advisory disclosed

Date: 2025-07-17 00:00:00

Event: VulDB entry created

Date: 2025-07-17 02:00:00

Event: VulDB entry last update

Date: 2025-07-18 09:11:17

References

Hyperlink	Resource
https://vuldb.com/?id.316758	vdb-entry technical-description
https://vuldb.com/?ctiid.316758	signature permissions-required
https://vuldb.com/?submit.616103	third-party-advisory
https://github.com/thinkgem/jeesite5/issues/28	exploit issue-tracking
https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239	issue-tracking
https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3	patch

Hyperlink: https://vuldb.com/?id.316758

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.316758

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.616103

Resource:

third-party-advisory

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28

Resource:

exploit

issue-tracking

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239

Resource:

issue-tracking

Hyperlink: https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3

Resource:

patch

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://github.com/thinkgem/jeesite5/issues/28	exploit
https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239	exploit

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28

Resource:

exploit

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:17 Jul, 2025 | 23:15

Updated At:22 Jul, 2025 | 13:06

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Type: Secondary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

CWE ID	Type	Source
CWE-601	Secondary	cna@vuldb.com

CWE ID: CWE-601

Type: Secondary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3	cna@vuldb.com	N/A
https://github.com/thinkgem/jeesite5/issues/28	cna@vuldb.com	N/A
https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.316758	cna@vuldb.com	N/A
https://vuldb.com/?id.316758	cna@vuldb.com	N/A
https://vuldb.com/?submit.616103	cna@vuldb.com	N/A
https://github.com/thinkgem/jeesite5/issues/28	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A
https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.316758

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.316758

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.616103

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

Hyperlink: https://github.com/thinkgem/jeesite5/issues/28#issuecomment-3045862239

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

Similar CVEs

56Records found

CVE-2022-43950

Matching Score-4

Assigner-Fortinet, Inc.

View Details

Matching Score-4

Assigner-Fortinet, Inc.

CVSS Score-3.9||LOW

EPSS-0.50% / 65.96%

7 Day CHG-0.00%

Published-03 May, 2023 | 21:26

Updated-22 Oct, 2024 | 20:46

A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.

Vendor-Fortinet, Inc.

Product-fortinac fortinac-f FortiNAC

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-11955

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.24% / 47.47%

7 Day CHG~0.00%

Published-25 Feb, 2025 | 15:07

Updated-04 Mar, 2025 | 13:49

GLPI index.php redirect

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.

Vendor-n/a GLPI Project

Product-glpi GLPI

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-0545

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-0.07% / 20.96%

7 Day CHG~0.00%

Published-15 Jan, 2024 | 06:00

Updated-21 Apr, 2025 | 15:15

CodeCanyon RISE Ultimate Project Manager signin redirect

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor-fairsketch CodeCanyon

Product-rise_ultimate_project_manager RISE Ultimate Project Manager

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2022-35406

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.02%

7 Day CHG~0.00%

Published-08 Jul, 2022 | 15:33

Updated-03 Aug, 2024 | 09:36

A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect.

Vendor-portswigger n/a

Product-burp_suite n/a

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2022-3381

Matching Score-4

Assigner-GitLab Inc.

View Details

Matching Score-4

Assigner-GitLab Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.54% / 67.92%

7 Day CHG-0.00%

Published-09 Mar, 2023 | 00:00

Updated-28 Feb, 2025 | 17:31

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites

Vendor-GitLab Inc.

Product-gitlab GitLab

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2025-14692

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.10% / 26.51%

7 Day CHG-0.08%

Published-14 Dec, 2025 | 23:32

Updated-15 Dec, 2025 | 20:05

Mayan EDMS authentication redirect

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Vendor-Mayan

Product-EDMS

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2025-7763

Credits

thinkgem JeeSite Site Controller SiteController.java select redirect

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs