CVE Catalog

CVE-2025-60828

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

A fastjson deserialization vulnerability was discovered in WukongCRM-9.0-JAVA via the /OaExamine/setOaExamine interface. An attacker can remotely exploit this flaw to execute arbitrary code.

Risk Assessment

The risk includes full server compromise, customer data leakage, and system disruption.

Recommendation

Immediately update WukongCRM to the latest version and apply security patches for the fastjson library.

Original NVD description (English source)

WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS