CVE-2025-15117 | Dromara Sa-Token up to 1.44.0 SaJdkSerializer.java ObjectInputStream.readObject deserialization

A vulnerability, which was classified as critical, was found in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization.

The identification of this vulnerability is CVE-2025-15117. The attack may be launched remotely. There is no exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More