CVE-2025-9796 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2025-9796?

CVE-2025-9796 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-9796?

Check the references section above for vendor advisories and patch information. Affected products include: Jeesite Jeesite.

Vulnerability Description

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jeesite	Jeesite	< 5.13.0

Related Weaknesses (CWE)

CWE-94 CWE-79

References

https://github.com/thinkgem/jeesite5/commit/63773c97a56bdb3649510e83b66c16db4754Patch
https://github.com/thinkgem/jeesite5/issues/33ExploitIssue Tracking
https://github.com/thinkgem/jeesite5/issues/33#issue-3330107533ExploitIssue Tracking
https://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560ExploitIssue Tracking
https://github.com/thinkgem/jeesite5/releases/tag/v5.13.0.springboo3Release Notes
https://vuldb.com/?ctiid.322111Permissions RequiredVDB Entry
https://vuldb.com/?id.322111Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.641125Third Party AdvisoryVDB Entry
https://github.com/thinkgem/jeesite5/issues/33ExploitIssue Tracking
https://github.com/thinkgem/jeesite5/issues/33#issue-3330107533ExploitIssue Tracking
https://github.com/thinkgem/jeesite5/issues/33#issuecomment-3197374560ExploitIssue Tracking

FAQ

What is CVE-2025-9796?

CVE-2025-9796 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in...

How severe is CVE-2025-9796?

CVE-2025-9796 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-9796?

Check the references section above for vendor advisories and patch information. Affected products include: Jeesite Jeesite.