{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4838", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-16T14:37:53.248Z", "datePublished": "2025-05-17T21:31:04.058Z", "dateUpdated": "2025-05-19T14:35:13.558Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-17T21:31:04.058Z"}, "title": "kanwangzjm Funiture Login LoginServlet.java doPost redirect", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "Open Redirect"}]}], "affected": [{"vendor": "kanwangzjm", "product": "Funiture", "versions": [{"version": "71ca0fb0658b3d839d9e049ac36429207f05329b", "status": "affected"}], "modules": ["Login"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of the argument ret leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in kanwangzjm Funiture bis 71ca0fb0658b3d839d9e049ac36429207f05329b gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion doPost der Datei /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java der Komponente Login. Durch Manipulieren des Arguments ret mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-05-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-16T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-16T16:42:56.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ShenxiuSecurity (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.309306", "name": "VDB-309306 | kanwangzjm Funiture Login LoginServlet.java doPost redirect", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.309306", "name": "VDB-309306 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.574825", "name": "Submit #574825 | kanwangzjm funiture master branch Open Redirect", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-19T14:35:10.655033Z", "id": "CVE-2025-4838", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T14:35:13.558Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4838", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-19T14:35:10.655033Z"}}}], "references": [{"url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T14:35:04.592Z"}}], "cna": {"title": "kanwangzjm Funiture Login LoginServlet.java doPost redirect", "credits": [{"lang": "en", "type": "reporter", "value": "ShenxiuSecurity (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "kanwangzjm", "modules": ["Login"], "product": "Funiture", "versions": [{"status": "affected", "version": "71ca0fb0658b3d839d9e049ac36429207f05329b"}]}], "timeline": [{"lang": "en", "time": "2025-05-16T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-16T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-16T16:42:56.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.309306", "name": "VDB-309306 | kanwangzjm Funiture Login LoginServlet.java doPost redirect", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.309306", "name": "VDB-309306 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.574825", "name": "Submit #574825 | kanwangzjm funiture master branch Open Redirect", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of the argument ret leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in kanwangzjm Funiture bis 71ca0fb0658b3d839d9e049ac36429207f05329b gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion doPost der Datei /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java der Komponente Login. Durch Manipulieren des Arguments ret mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "Open Redirect"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-17T21:31:04.058Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4838", "state": "PUBLISHED", "dateUpdated": "2025-05-19T14:35:13.558Z", "dateReserved": "2025-05-16T14:37:53.248Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-17T21:31:04.058Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of the argument ret leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en kanwangzjm Funiture hasta la versi\u00f3n 71ca0fb0658b3d839d9e049ac36429207f05329b. La funci\u00f3n doPost del archivo /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java del componente Login se ve afectada. La manipulaci\u00f3n del argumento ret provoca una redirecci\u00f3n abierta. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado Este producto utiliza un sistema de entrega continua con versiones continuas. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de versiones actualizadas."}], "id": "CVE-2025-4838", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-05-17T22:15:19.063", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.309306"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.309306"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.574825"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}