Vulnerability Description
A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linlinjava | Litemall | <= 1.8.0 |
Related Weaknesses (CWE)
References
- https://github.com/linlinjava/litemall/issues/568ExploitIssue TrackingVendor Advisory
- https://github.com/linlinjava/litemall/issues/568#issue-3289860066ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.319970Permissions RequiredVDB Entry
- https://vuldb.com/?id.319970Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.628233Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-8974?
CVE-2025-8974 is a vulnerability with a CVSS score of 3.7 (LOW). A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHel...
How severe is CVE-2025-8974?
CVE-2025-8974 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8974?
Check the references section above for vendor advisories and patch information. Affected products include: Linlinjava Litemall.