CVE-2025-3413 MEDIUM

CVE-2025-3413: opplus springboot-admin SysGeneratorController.java code deserialization

Vendor Opplus

Product springboot-admin

Weakness CWE-502 · Unsafe deserialization

Published April 8, 2025

Last update April 8, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical. Affected by this vulnerability is the function code of the file SysGeneratorController.java. The manipulation of the argument Tables leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

April 8, 2025 CVE published

April 8, 2025 Record updated

Identifiers

CVE CVE-2025-3413

CWE CWE-502

CVSS 5.3 / MEDIUM

Affected versions

Vendor Opplus

Product springboot-admin

Affected a2d5310f44fd46780a8686456cf2f9001ab8f024