CVE-2025-8963

MEDIUM

Jeecg Jimureport < 2.1.1 - Insecure Deserialization

Title source: rule

Description

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated".

References (5)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/jeecgboot/jimureport/issues/4010

[Issue Tracking, Third Party Advisory] https://github.com/jeecgboot/jimureport/issues/4010#issuecomment-3182053855

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.319958

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.319958

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.628028

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 14.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status published

Affected Products (1)

jeecg/jimureport < 2.1.1

Timeline

Published Aug 14, 2025

Tracked Since Feb 18, 2026