CVE-2025-8807

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-8807

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8807.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-8807

Published

2025-08-10T12:15:30.290Z

Modified

2025-11-16T15:37:26.000840Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/xujeff/tianti

Affected ranges

Type: GIT
Repo: https://github.com/xujeff/tianti
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

dd545065a4bc685c2e9dfb8898c477bc6d194075

Affected versions

1.*

1.0.0

1.1.0

1.2.0

2.*

2.0

2.0.0

2.1.0

2.2.0

2.3