CVE-2025-4839 — LOW (3.1) — White Hats Nepal

Vulnerability Description

A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

CVSS Score

3.1

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Itwanger	Paicoding	1.0.0

Related Weaknesses (CWE)

CWE-346 CWE-942

References

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-02.mdExploit
https://vuldb.com/?ctiid.309307Permissions RequiredVDB Entry
https://vuldb.com/?id.309307Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.574826Third Party AdvisoryVDB Entry
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-02.mdExploit

FAQ

What is CVE-2025-4839?

CVE-2025-4839 is a vulnerability with a CVSS score of 3.1 (LOW). A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/m...

How severe is CVE-2025-4839?

CVE-2025-4839 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-4839?

Check the references section above for vendor advisories and patch information. Affected products include: Itwanger Paicoding.