CVE-2025-3957 – Opplus Springboot-Admin SQL Injection Vulnerability

April 27, 2025

CVE ID : CVE-2025-3957

Published : April 27, 2025, 4:15 a.m. | 4 hours ago

Description : A vulnerability was found in opplus springboot-admin 1.0 and classified as critical. This issue affects some unknown processing of the file srcmainresourcesmappersysSysLogDao.xml. The manipulation of the argument order leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3958 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

Next Article CVE-2025-3956 – Novel-Cloud SQL Injection Vulnerability

Highlights

CVE-2024-7096 – WSO2 SOAP Admin Privilege Escalation Vulnerability

May 30, 2025

CVE ID : CVE-2024-7096

Published : May 30, 2025, 3:15 p.m. | 2 hours, 23 minutes ago

Description : A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met:
* SOAP admin services are accessible to the attacker.
* The deployment includes an internally used attribute that is not part of the default WSO2 product configuration.
* At least one custom role exists with non-default permissions.
* The attacker has knowledge of the custom role and the internal attribute used in the deployment.

Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-3957 – Opplus Springboot-Admin SQL Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

OBS Studio 31.1 Adds Linux Multitrack Video Support + More

Microsoft’s Clipchamp makeover nearly complete, Stream gets fresh new face

The Three Pillars of Getting Voice AI Right: Data, Design, and Deployment

Elden Ring Nightreign Night Aspect: How to beat Heolstor the Nightlord, the final boss

CVE-2024-7096 – WSO2 SOAP Admin Privilege Escalation Vulnerability

CVE-2025-4355 – Tenda DAP-1520 Heap-Based Buffer Overflow Vulnerability

CVE-2025-23172 – “Versa Networks Director Webhook Command Execution”

CVE-2025-4213 – PHPGurukul Online Birth Certificate System SQL Injection Vulnerability

CVE-2025-3957 – Opplus Springboot-Admin SQL Injection Vulnerability

Related Posts