CVE-2025-15222
Published on December 30, 2025
Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-15222 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Versions
Dromara Sa-Token:- Version 1.0 is affected.
- Version 1.1 is affected.
- Version 1.2 is affected.
- Version 1.3 is affected.
- Version 1.4 is affected.
- Version 1.5 is affected.
- Version 1.6 is affected.
- Version 1.7 is affected.
- Version 1.8 is affected.
- Version 1.9 is affected.
- Version 1.10 is affected.
- Version 1.11 is affected.
- Version 1.12 is affected.
- Version 1.13 is affected.
- Version 1.14 is affected.
- Version 1.15 is affected.
- Version 1.16 is affected.
- Version 1.17 is affected.
- Version 1.18 is affected.
- Version 1.19 is affected.
- Version 1.20 is affected.
- Version 1.21 is affected.
- Version 1.22 is affected.
- Version 1.23 is affected.
- Version 1.24 is affected.
- Version 1.25 is affected.
- Version 1.26 is affected.
- Version 1.27 is affected.
- Version 1.28 is affected.
- Version 1.29 is affected.
- Version 1.30 is affected.
- Version 1.31 is affected.
- Version 1.32 is affected.
- Version 1.33 is affected.
- Version 1.34 is affected.
- Version 1.35 is affected.
- Version 1.36 is affected.
- Version 1.37 is affected.
- Version 1.38 is affected.
- Version 1.39 is affected.
- Version 1.40 is affected.
- Version 1.41 is affected.
- Version 1.42 is affected.
- Version 1.43 is affected.
- Version 1.44.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.