CVE-2025-8527 – Exrick xboot Swagger Server-Side Request Forgery (SSRF) Vulnerability

August 4, 2025

CVE ID : CVE-2025-8527

Published : Aug. 4, 2025, 10:15 p.m. | 1 hour, 28 minutes ago

Description : A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation of the argument loginUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27211 – EdgeMAX EdgeSwitch Command Injection Vulnerability

Next Article CVE-2025-8528 – Exrick xboot Exposed Sensitive Information Cookie Storage

Highlights

CVE-2025-5686 – WordPress Paged Gallery Stored Cross-Site Scripting Vulnerability

June 6, 2025

CVE ID : CVE-2025-5686

Published : June 6, 2025, 7:15 a.m. | 33 minutes ago

Description : The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gallery’ shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

LastPass can now warn or block logins to shadow SaaS apps – here’s how

Get up to a year of Adobe Creative Cloud access for 40% off

Got 6 hours? This free AI training from Google and Goodwill can boost your resume today

Why I recommend this budget phone with a paper-like screen over ‘minimalist’ devices

Laravel Boost, your AI coding starter kit

Laravel Boost, your AI coding starter kit

Using GitHub Copilot in VS Code

Optimizely Mission Control – Part I

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Microsoft’s record stock run collides with Nadella’s admission that 15,000 layoffs still ‘hurt’

Microsoft and Adobe Power Up Fantasy Premier League Fans with AI – Here’s How

CVE-2025-8527 – Exrick xboot Swagger Server-Side Request Forgery (SSRF) Vulnerability

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

The Wild West of Shadow IT

CVE-2025-47655 – themarketer2023 CSRF Stored XSS Vulnerability

Bolt.new: Web Creation at the Speed of Thought

Redox OS: Ultime Novità di Aprile 2025

Salesforce AI Released APIGen-MT and xLAM-2-fc-r Model Series: Advancing Multi-Turn Agent Training with Verified Data Pipelines and Scalable LLM Architectures

CVE-2025-5686 – WordPress Paged Gallery Stored Cross-Site Scripting Vulnerability

CVE-2025-54075 – Nuxtjs MDC Stored Cross-Site Scripting (Remote Script-Inclusion)

CVE-2025-48047 – NetFax Server Command Injection Vulnerability

KDE Plasma Adding Auto Day/Night Theme Switching

CVE-2025-8527 – Exrick xboot Swagger Server-Side Request Forgery (SSRF) Vulnerability

Related Posts