PT-2025-53632 · Dromara · Sa-Token
Yohane-Mashiro · Published 2025-12-28 · Updated 2025-12-28
CVE-2025-15117
| CVSS v3.1 | 3.1 (Low) |
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Dromara Sa-Token versions up to 1.44.0
Description
A weakness related to deserialization exists in Dromara Sa-Token up to version 1.44.0. The issue affects the ObjectInputStream.readObject function within the SaJdkSerializer.java file. Exploitation can lead to deserialization of untrusted data and may be launched remotely. The complexity of the attack is high, and exploitability is considered difficult. The vendor was contacted regarding this disclosure but did not respond.
Recommendations
Versions prior to 1.44.0 should be used.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Affected Products
Sa-Token