CVE-2025-2207

Name of the Vulnerable Software and Affected Versions: aitangbao springboot-manager version 3.0

Description: A problematic vulnerability was found in the code of the file /sys/dept, allowing for cross site scripting attacks through the manipulation of the name argument. The attack can be initiated remotely. Other parameters might also be affected. The vendor was contacted about this disclosure but did not respond.

Recommendations: For aitangbao springboot-manager version 3.0, as a temporary workaround, consider restricting access to the /sys/dept file until a patch is available. Avoid using the name argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.