CVE-2025-15117 | Dromara Sa-Token up to 1.44.0 SaJdkSerializer.java ObjectInputStream.readObject deserialization

Inserito da Angelo Barbosa | Dic 27, 2025 | CVE

A vulnerability, which was classified as critical, was found in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization.

The identification of this vulnerability is CVE-2025-15117. The attack may be launched remotely. There is no exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15117 | Dromara Sa-Token up to 1.44.0 SaJdkSerializer.java ObjectInputStream.readObject deserialization

Post correlati

CVE-2025-7768 | Tigo Energy Cloud Connect Advanced up to 4.0.1 hard-coded credentials (icsa-25-217-02)

CVE-2024-4551 | YotuWP Video Gallery Plugin up to 1.3.13 on WordPress Shortcode file inclusion

CVE-2025-60151 | WP Gravity Forms HubSpot Plugin up to 1.2.5 on WordPress redirect

CVE-2024-28286 | mz-automation libiec61850 1.4.0 mmsServer_handleFileCloseRequest.c mmsServer_handleFileCloseRequest null pointer dereference (Issue 496)