PT-2025-29978 · Thinkgem · Jeesite

Mentalityxt +1 · Published 2025-07-17 · Updated 2025-11-11 · CVE-2025-7759

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0

Description: A critical vulnerability exists in thinkgem JeeSite. The issue is located in an unknown part of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java within the UEditor Image Grabber component. Manipulation of the Source argument leads to server-side request forgery, allowing for remote attacks. The exploit has been publicly disclosed.

Recommendations: Apply the patch with identifier 1c5e49b0818037452148e0f8ff69ed04cb8fefdc to resolve this issue.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-7759

Affected Products: Jeesite