exploitDog

CVE-2025-63617

Опубликовано: 10 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data.

Ссылки

https://gist.github.com/ChangeYourWay/8651679a2155269bccf520fcb34fc661
Third Party Advisory
https://github.com/ChangeYourWay/post/blob/main/ktg-mes.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kutangguo:ktg-mes:*:*:*:*:*:*:*:*

Версия до 2025-10-08 (исключая)

EPSS

Процентиль: 19%

0.00059

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-p747-785q-73v2

CVSS3: 6.5

github

3 месяца назад

ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data.

EPSS

Процентиль: 19%

0.00059

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-502