Home > Vulnerability Database > CVE-2025-8974

Mend.io Vulnerability Database

CVE-2025-8974

Good to know:

Date: August 14, 2025

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Severity Score

3.7

Related Resources (7)

Url: https://github.com/linlinjava/litemall/issues/568#issue-3289860066

Url: https://vuldb.com/?submit.628233

Url: https://github.com/linlinjava/litemall/issues/568

Url: https://vuldb.com/?id.319970

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8974

Url: https://vuldb.com/?ctiid.319970

Url: https://www.mend.io/vulnerability-database/CVE-2025-8974

Severity Score

3.7

Weakness Type (CWE)

Use of Hard-coded Credentials

CWE-798

Use of Hard-coded Password

CWE-259

Top Fix

Upgrade Version

Upgrade to version https://github.com/linlinjava/litemall.git - no_fix

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8974

Good to know:

Date: August 14, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?