CVE-2025-3413 · HIGH 8.8 · EPSS p35.3%

Description

A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical. Affected by this vulnerability is the function code of the file SysGeneratorController.java. The manipulation of the argument Tables leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.44% probability of exploitation · percentile 35.3% · 2026-06-19T12:03:05Z
Published: 2025-04-08
Last modified: 2025-10-16

Underlying weaknesses · 2

CWE-20, CWE-502

References

  1. https://github.com/mapl3miss/Vul/blob/main/Vul.md
  2. https://vuldb.com/?ctiid.303691
  3. https://vuldb.com/?id.303691
  4. https://vuldb.com/?submit.545374

Type | Target | Confidence | Tier
Weakness | Improper Input Validation (cwe-20) | 0% | live
Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-3957
CVE-2025-44034
CVE-2025-44033
CVE-2025-4019
CVE-2025-4494
CVE-2025-5679

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.