CVE-2025-5186

Name of the Vulnerable Software and Affected Versions thinkgem JeeSite versions up to 5.11.1

Description A critical issue affects the function ResourceLoader.getResource of the file /cms/fileTemplate/form in the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request forgery. This issue can be exploited remotely.

Recommendations For thinkgem JeeSite versions up to 5.11.1, as a temporary workaround, consider restricting access to the ResourceLoader.getResource function until a patch is available. Avoid using the argument Name in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.