CVE-2025-5186 MEDIUM

CVE-2025-5186: thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery

Vendor: Thinkgem
Product: JeeSite
Weakness: CWE-918 · SSRF
Published: May 26, 2025
Last update: May 28, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02 Disclosure timeline

May 26, 2025: CVE published
May 28, 2025: Record updated