Reconnecting to live updates…

CVE-2025-15222: Deserialization in Dromara Sa-Token

Low

VulnerabilityCVE-2025-15222cve cve-2025-15222

Published: Tue Dec 30 2025 (12/30/2025, 05:32:05 UTC)

Source: CVE Database V5

Vendor/Project: Dromara

Product: Sa-Token

Description

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-28T16:00:29.649Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6953671971a94549f1a7ee55

Added to database: 12/30/2025, 5:46:01 AM

Last updated: 12/30/2025, 8:37:53 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.