CVE-2025-3957: opplus springboot-admin SysLogDao.xml sql injection
First published: Sun Apr 27 2025(Updated: )
A vulnerability was found in opplus springboot-admin 1.0 and classified as critical. This issue affects some unknown processing of the file \src\main\resources\mapper\sys\SysLogDao.xml. The manipulation of the argument order leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Spring Boot Admin | ||
| Spring Boot Admin | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3957?
CVE-2025-3957 is classified as a critical vulnerability.
What software is affected by CVE-2025-3957?
CVE-2025-3957 affects the opplus springboot-admin version 1.0.
What type of vulnerability is CVE-2025-3957?
CVE-2025-3957 is categorized as a SQL injection vulnerability.
How do I mitigate CVE-2025-3957?
To mitigate CVE-2025-3957, review and sanitize input parameters in the affected SysLogDao.xml file.
Can CVE-2025-3957 be exploited remotely?
Yes, CVE-2025-3957 can be initiated remotely, allowing attackers to exploit the vulnerability from a distance.
- agent/references
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/severity
- agent/author
- agent/event
- agent/source
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- vendor/opplus
- canonical/spring boot admin
- version/spring boot admin/1.0