CVE-2025-4838 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-4838 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of the argument ret leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

EPSS 0.19% · 41.1th percentile

Risk Scores

CVSS v4.0

5.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.19%

41.1th percentile

Affected Products

Vendor	Product	Versions
kanwangzjm	Funiture	71ca0fb0658b3d839d9e049ac36429207f05329b

Timeline

May 17, 2025 CVE Published
May 17, 2025 PoC Published
May 18, 2025 EPSS Score
May 18, 2025 PoC Published
May 29, 2025 EPSS Score
Jun 8, 2025 EPSS Score
Jun 19, 2025 EPSS Score
Jun 30, 2025 EPSS Score
Jul 11, 2025 EPSS Score
Jul 21, 2025 EPSS Score
Aug 1, 2025 EPSS Score
Aug 12, 2025 EPSS Score

References

Open in Interactive Console →