CVE-2025-8527

Name of the Vulnerable Software and Affected Versions Exrick xboot versions through 3.3.4

Description A critical vulnerability exists in Exrick xboot related to the Swagger component. The issue involves server-side request forgery (SSRF) resulting from the manipulation of the loginUrl argument within the SecurityController.java file located at xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/. This manipulation allows for remote attacks. The exploit for this vulnerability has been publicly disclosed.

Recommendations Versions prior to 3.3.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.