CVE-2025-10770
BaseFortify
Publication date: 2025-09-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeecg | jimureport | to 2.1.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in jeecgboot JimuReport up to version 2.1.2, specifically in the MySQL JDBC Handler component's /drag/onlDragDataSource/testConnection function. It involves deserialization caused by manipulation, which can be exploited remotely. The exploit has been made public, meaning attackers can potentially use it to compromise affected systems.
How can this vulnerability impact me? :
The vulnerability allows remote attackers to perform deserialization attacks, which can lead to unauthorized actions such as executing malicious code or compromising the integrity and availability of the affected system. This can result in partial loss of confidentiality, integrity, and availability of data and services.