thinkgem JeeSite CVE-2025-7759
Severity: LOW (by source)
CVSS 4.0 vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD; only source for this CVE.
Description (CVE.org)
A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of the argument Source leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The name of the patch is 1c5e49b0818037452148e0f8ff69ed04cb8fefdc. It is advisable to implement a patch to correct this issue.
Analysis (AI)
Server-side request forgery (SSRF) in thinkgem JeeSite up to version 5.12.0 allows authenticated remote attackers to manipulate the Source argument in the UEditor Image Grabber component (ActionEnter.java), enabling arbitrary HTTP requests from the vulnerable server with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, and a patch has been released by the vendor.
Technical Context (AI)
The vulnerability is in the UEditor Image Grabber component within ActionEnter.java, which downloads images from URLs supplied by the editor client. UEditor is a widely used web-based rich text editor; JeeSite ships its own server-side handler for it (the com.jeesite.common.ueditor package). The flaw is SSRF (CWE-918): the component does not validate or restrict the 'Source' parameter before using it as the target of a server-side HTTP request, so an authenticated user can make the JeeSite server send requests to arbitrary internal or external hosts on the attacker's behalf. The affected range, up to and including 5.12.0, comes from the advisory description; the NVD CPE cpe:2.3:a:jeesite:jeesite:*:*:*:*:*:*:*:* uses a wildcard version and does not itself encode that bound.
Remediation (AI)
Upgrade JeeSite to a release that includes commit 1c5e49b0818037452148e0f8ff69ed04cb8fefdc (https://github.com/thinkgem/jeesite5/commit/1c5e49b0818037452148e0f8ff69ed04cb8fefdc); every instance running 5.12.0 or earlier is affected. If immediate patching is not feasible, apply compensating controls: (1) egress filtering: restrict outbound connections from the JeeSite application server with firewall rules, blocking private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8) and link-local (169.254.0.0/16, which covers cloud instance-metadata endpoints), plus the IPv6 equivalents (::1, fc00::/7, fe80::/10), and allowing only the destinations the application legitimately needs; (2) disable the UEditor Image Grabber feature if it is not required, or restrict it to an allowlist of trusted image hosts; (3) enforce authentication and authorization on the image upload/download endpoints so that only trusted users can reach them (the NVD vector already requires low privileges, so this narrows rather than removes the attack surface); (4) monitor outbound traffic from the application server for connections to internal addresses or unexpected external hosts, which would indicate SSRF attempts. These controls reduce exploitability but do not remove the underlying flaw.
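To make the technical context and the application-level part of the remediation concrete, here is an added example of a "grab remote image" handler in its vulnerable shape next to a hardened one. This is illustrative code written for this page, not JeeSite's or UEditor's ActionEnter.java, and the class, method names, size limit and redirect limit are assumptions; the only thing taken from the advisory is the idea that a caller-supplied source URL is fetched by the server. The hardened version allows only http/https, rejects userinfo, resolves the host and refuses any address that is loopback, link-local (including 169.254.169.254), RFC 1918, unique-local IPv6 or carrier-grade NAT, re-validates every redirect instead of letting the HTTP client follow it, and caps the response size and content type.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Set;

/** Added example for this advisory page; not code from the JeeSite project. */
public final class ImageGrabberExample {

    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");
    private static final int MAX_IMAGE_BYTES = 5 * 1024 * 1024; // assumed limit
    private static final int MAX_REDIRECTS = 3;                  // assumed limit

    /** Vulnerable pattern (CWE-918): the caller's URL is fetched as-is and redirects are followed. */
    public static byte[] grabUnsafe(String source) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(source).openConnection();
        try (InputStream in = conn.getInputStream()) {
            return in.readAllBytes();
        }
    }

    /** Hardened: validate the target, re-validate each redirect, require image/*, cap the size. */
    public static byte[] grabSafe(String source) throws IOException {
        String current = source;
        for (int hop = 0; hop <= MAX_REDIRECTS; hop++) {
            validate(current);
            HttpURLConnection conn = (HttpURLConnection) new URL(current).openConnection();
            conn.setInstanceFollowRedirects(false); // never let the client follow a redirect unchecked
            conn.setConnectTimeout(5_000);
            conn.setReadTimeout(5_000);
            int status = conn.getResponseCode();
            if (status >= 300 && status < 400) {
                String location = conn.getHeaderField("Location");
                if (location == null) throw new IOException("redirect without Location");
                current = new URL(new URL(current), location).toString(); // resolve relative redirects
                continue;                                                 // loop re-validates the target
            }
            if (status != 200) throw new IOException("unexpected status " + status);
            String type = conn.getContentType();
            if (type == null || !type.toLowerCase().startsWith("image/")) {
                throw new IOException("not an image: " + type);
            }
            try (InputStream in = conn.getInputStream()) {
                byte[] data = in.readNBytes(MAX_IMAGE_BYTES + 1);
                if (data.length > MAX_IMAGE_BYTES) throw new IOException("image too large");
                return data;
            }
        }
        throw new IOException("too many redirects");
    }

    /** Rejects anything that is not a plain http(s) URL whose host resolves only to public addresses. */
    static void validate(String source) throws IOException {
        URI uri;
        try {
            uri = new URI(source);
        } catch (URISyntaxException e) {
            throw new IOException("malformed URL");
        }
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
            throw new IOException("scheme not allowed");
        }
        if (uri.getUserInfo() != null) throw new IOException("userinfo not allowed"); // http://trusted@evil
        String host = uri.getHost();
        if (host == null || host.isEmpty()) throw new IOException("no host");
        for (InetAddress addr : InetAddress.getAllByName(host)) { // every A/AAAA record must be public
            if (isInternal(addr)) {
                throw new IOException("host resolves to internal address " + addr.getHostAddress());
            }
        }
    }

    static boolean isInternal(InetAddress addr) {
        if (addr.isAnyLocalAddress() || addr.isLoopbackAddress() || addr.isLinkLocalAddress()
                || addr.isSiteLocalAddress() || addr.isMulticastAddress()) {
            return true; // 0.0.0.0, 127/8, 169.254/16 (cloud metadata), RFC 1918, ::1, fe80::/10, ...
        }
        byte[] b = addr.getAddress();
        if (addr instanceof Inet6Address) {
            return (b[0] & 0xfe) == 0xfc; // fc00::/7 unique-local; isSiteLocalAddress() only covers fec0::/10
        }
        return (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 0x40; // 100.64.0.0/10 carrier-grade NAT
    }
}
```

Two caveats a practitioner should keep in mind. First, validate() resolves the host name and the HTTP client resolves it again when connecting, so a DNS-rebinding attacker can still pass the check and then hit an internal address; closing that gap means connecting to the validated IP directly (with the Host header set by hand) or relying on the network-level egress rules from the remediation above, which is why the two controls belong together. Second, Java's InetAddress helpers do not recognise unique-local IPv6 or carrier-grade NAT space as internal, which is why those ranges are checked by hand here.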