CVE-2025-8708

Exploit

EPSS 0.36%
Veröffentlicht 08.08.2025 02:32:05
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Antabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserialization

A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Antabot ≫ White-jotter Version0.2.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.277

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	1.3	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5	1.6	3.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://vuldb.com/?id.319138

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.319138

VDB Entry

Permissions Required

https://vuldb.com/?submit.621105

Third Party Advisory

VDB Entry

https://github.com/Antabot/White-Jotter/issues/161

Exploit

Issue Tracking

https://github.com/Antabot/White-Jotter/issues/161#issue-3254420874

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-8708

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-8708

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-8708

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-8708