CVE-2025-8708 LOW

CVE-2025-8708: Antabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserialization

Vendor Antabot

Product White-Jotter

Weakness CWE-502 · Unsafe deserialization

Published August 8, 2025

Last update August 8, 2025

View on NVD All CVEs

CVSS base score

2.3/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

August 8, 2025 CVE published

August 8, 2025 Record updated