CVE-2025-4838 MEDIUM

CVE-2025-4838: kanwangzjm Funiture Login LoginServlet.java doPost redirect

Vendor Kanwangzjm

Product Funiture

Weakness CWE-601 · Open redirect

Published May 17, 2025

Last update May 19, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of the argument ret leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Key dates

Disclosure timeline

May 17, 2025 CVE published

May 19, 2025 Record updated

Identifiers

CVE CVE-2025-4838

CWE CWE-601

CVSS 5.3 / MEDIUM

Affected versions

Vendor Kanwangzjm

Product Funiture

Affected 71ca0fb0658b3d839d9e049ac36429207f05329b