Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-53606. PoCs published by exploitintel.
AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2025-53606, demonstrating a deserialization vulnerability in Apache Seata's Fury serializer component. The exploit includes network-based payloads and direct JVM-level tests to confirm the whitelist bypass.
Description
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Exploits (1)
This repository contains a functional exploit PoC for CVE-2025-53606, demonstrating a deserialization vulnerability in Apache Seata's Fury serializer component. The exploit includes network-based payloads and direct JVM-level tests to confirm the whitelist bypass.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
