QwikSec

Security Database

CVE

CWE

Training

CVE-2025-8527

Published: Aug 4, 2025

Modified: Aug 5, 2025

PUBLISHED

CVSS v3.1

6.3

MEDIUM

Description

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation of the argument loginUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor	Product	Versions
Exrick	xboot	affected `3.3.0` affected `3.3.1` affected `3.3.2` affected `3.3.3` affected `3.3.4`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-318653 | Exrick xboot Swagger SecurityController.java server-side request forgery

vdb-entry

technical-description

VDB-318653 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #622174 | Exrick https://github.com/Exrick/xboot <=3.3.4 SSRF

third-party-advisory

https://github.com/Exrick/xboot/issues/70

issue-tracking

https://github.com/Exrick/xboot/issues/70#issue-3252425972

exploit

issue-tracking

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.