Home > Vulnerability Database > CVE-2025-15117

Mend.io Vulnerability Database

CVE-2025-15117

Good to know:

Date: December 27, 2025

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

3.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-15117

Url: https://vuldb.com/?submit.711750

Url: https://vuldb.com/?ctiid.338495

Url: https://github.com/Yohane-Mashiro/Sa-Token-cve

Url: https://vuldb.com/?id.338495

Url: https://www.mend.io/vulnerability-database/CVE-2025-15117

Severity Score

3.1

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	2.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-15117

Good to know:

Date: December 27, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?