Exrick Xboot vulnerabilities
4 known vulnerabilities affecting exrick/xboot.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-8526 [CRITICAL] CWE-284 | P2 | CVSS 9.8 | Affected: ≤ 3.3.4 (v3.3.0 +4 more) | 2025-08-04
A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. Th
nvd
CVE-2025-8527 [HIGH] CWE-918 | P2 | CVSS 8.8 | Affected: ≤ 3.3.4 (v3.3.0 +4 more) | 2025-08-04
A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation of the argument loginUrl leads to server-side request forgery. The attack m
nvd
CVE-2025-8528 [MEDIUM] CWE-312 | P3 | CVSS 5.9 | Affected: ≤ 3.3.4 (v3.3.0 +4 more) | 2025-08-04
A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability i
nvd
CVE-2025-8525 [MEDIUM] CWE-200 | P4 | CVSS 5.3 | Affected: ≤ 3.3.4 (v3.3.0 +4 more) | 2025-08-04
A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd