JeeSite <=5.12.0 open redirect via ServletUtils.redirectUrl (CVE-2025-7863)
CVE-2025-7863 Published on July 20, 2025
thinkgem JeeSite ServletUtils.java redirectUrl
A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be launched remotely. The name of the patch is 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.
Weakness Type
What is an Open Redirect Vulnerability?
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks. An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to point at a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
CVE-2025-7863 has been classified as an Open Redirect vulnerability or weakness.
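As an added example (not JeeSite's own code, and not the project's patch), the unchecked pattern the advisory describes is shown beside a hardened redirect-target validator; the class name and the allowlisted host `app.example.org` are assumptions, and Java 11 or later is assumed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

// Added example, not JeeSite code: validate a user-supplied redirect target
// before issuing the 302, so the "url" parameter cannot send users off-site.
public final class SafeRedirect {
    // Hosts this deployment may redirect to (assumed value for the example).
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.org");

    // The unchecked pattern the advisory describes: the parameter is used as-is.
    static String redirectUnchecked(String url) {
        return url; // response.sendRedirect(url) would follow whatever was supplied
    }

    // Hardened version: accept a same-origin relative path or an absolute http(s)
    // URL whose host is allowlisted; anything else falls back to "/".
    static String safeRedirectTarget(String url) {
        if (url == null || url.isBlank() || url.indexOf('\\') >= 0) {
            return "/"; // browsers normalise backslashes to "/", so reject them early
        }
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return "/";
        }
        // No scheme and no authority means a relative reference. Require exactly
        // one leading "/" so a protocol-relative "//host/..." is not accepted.
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            return (url.startsWith("/") && !url.startsWith("//")) ? url : "/";
        }
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase();
        String host = uri.getHost();
        boolean httpScheme = scheme.equals("http") || scheme.equals("https");
        if (httpScheme && host != null && uri.getRawUserInfo() == null
                && ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return url;
        }
        return "/";
    }

    public static void main(String[] args) {
        String[] samples = {"/home", "//other.example/", "https://other.example/",
                "https://app.example.org/dashboard", "ftp://app.example.org/"};
        for (String s : samples) {
            System.out.println(s + " -> " + safeRedirectTarget(s));
        }
    }
}
```

Only `/home` and `https://app.example.org/dashboard` are returned unchanged; the other samples fall back to `/`, which is the behaviour a fix for this class of bug should produce.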
Affected Versions
thinkgem JeeSite:
- Version 5.0 is affected.
- Version 5.1 is affected.
- Version 5.2 is affected.
- Version 5.3 is affected.
- Version 5.4 is affected.
- Version 5.5 is affected.
- Version 5.6 is affected.
- Version 5.7 is affected.
- Version 5.8 is affected.
- Version 5.9 is affected.
- Version 5.10 is affected.
- Version 5.11 is affected.
- Version 5.12.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.