← voltar
CVE-2025-13805

nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization

CVSS 6.3 MEDIUMEPSS 0.3%CWE-20CWE-502
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
nutzam · NutzBoot

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-RCE-1/report.mdhttps://github.com/Xzzz111/exps/blob/main/archives/nutzboot-RCE-1/report.md#vulnerability-details-and-pochttps://vuldb.com/?ctiid.333815https://vuldb.com/?id.333815https://vuldb.com/?submit.692053