CVE-2025-15222 | Dromara Sa-Token up to 1.44.0 SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability, which was classified as critical, was found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization.

This vulnerability is documented as CVE-2025-15222. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15222 | Dromara Sa-Token up to 1.44.0 SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization

Post correlati

CVE-2024-7211 | 1E Platform 8.4.1.229/23.7.1.80/23.11.1.15/24.7 redirect

CVE-2025-26366 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua missing authentication

CVE-2024-40831 | Apple macOS up to 14.7 Photo Library permission

CVE-2025-10762 | kuaifan DooTask up to 1.2.49 UsersController.php keys[department] sql injection (Issue 283)