CVE-2025-8974

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-8974

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8974.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-8974

Published

2025-08-14T18:15:32.070Z

Modified

2025-11-20T12:40:52.554645Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/linlinjava/litemall

Affected ranges

Type: GIT
Repo: https://github.com/linlinjava/litemall
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

97338d20928527485650def8e7681816cc7e19f4

Affected versions

v0.*

v0.1.0

v0.10.0

v0.10.1

v0.10.2

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.0.0.rc0

v1.0.0.rc1

v1.1.0

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.6.1

v1.7.0

v1.8.0