CVE-2025-15222 | Dromara Sa-Token up to 1.44.0 SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization

A vulnerability, which was classified as critical, was found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization.

This vulnerability is documented as CVE-2025-15222. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More