CVE-2025-60830

6.5 MEDIUM

📋 TL;DR

Redragon ERP v1.0 ships with a default (hardcoded) Apache Shiro cryptographic key for the rememberMe cookie. Because the key is public, an attacker can encrypt an arbitrary serialized Java object, present it as the rememberMe cookie, and have the application decrypt and deserialize it, which yields arbitrary code execution when a usable gadget chain is on the classpath. Organizations running Redragon ERP v1.0 are affected.

💻 Affected Systems

Products:
  • redragon-erp
Versions: v1.0
Operating Systems: Any OS running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using default Shiro configuration with hardcoded keys.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Unauthenticated remote code execution allowing attackers to gain shell access and deploy malware.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Requires knowledge of Shiro rememberMe deserialization techniques and of the default key in use; a working exploit also needs a deserialization gadget chain that is reachable on the application's classpath.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.1 or later

Vendor Advisory: https://github.com/Yyjccc/document/blob/main/redragon-erp/redragon-erp.md

Restart Required: Yes

Instructions:

1. Upgrade to Redragon ERP v1.1 or later.
2. Restart the application server.
3. Verify the Shiro configuration uses unique cryptographic keys.

🔧 Temporary Workarounds

Change Shiro cryptographic keys (all affected versions)

Replace the default Shiro keys with unique, randomly generated keys.

In shiro.ini or the equivalent Spring/Java configuration, set a unique base64-encoded key on the rememberMe manager (for example the securityManager.rememberMeManager.cipherKey property) instead of relying on the shipped value. Generate the key with a cryptographically secure random generator and keep it out of version control. Rotating the key invalidates every existing rememberMe cookie, so returning users will have to log in once more.

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to Redragon ERP
  • Deploy WAF or reverse-proxy rules with the right expectation: the rememberMe cookie body is AES-encrypted, so payload signatures will not match; instead reject rememberMe cookies that are far larger than legitimate ones, or strip the cookie entirely at the edge if the remember-me feature is not needed

🔍 How to Verify

Check if Vulnerable:

Confirm that Redragon ERP v1.0 is installed, then inspect the Shiro configuration (shiro.ini or the equivalent Spring/Java config) for the rememberMe cipherKey: a value matching the Shiro default, or a key hardcoded in the shipped package, means the installation is vulnerable.

Check Version:

Check application manifest or version file in installation directory

Verify Fix Applied:

Verify that the application version is v1.1 or later and that the Shiro configuration uses a custom cryptographic key that does not match the shipped default.
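As an added example (not code from this page, from Redragon, or from Apache Shiro), the following Python script performs the configuration check above and the key rotation from the workaround section against a shiro.ini: it flags the historical Shiro default key, reports a missing key, and rewrites the cipherKey line with a fresh random 128-bit key. The property path securityManager.rememberMeManager.cipherKey, the sample ini, and the contents of KNOWN_DEFAULT_KEYS are assumptions; Redragon's real file layout and the exact key it ships are not stated on this page.

```python
"""Audit a shiro.ini for a default rememberMe cipher key and rotate it.

Added example; not Redragon ERP's or Apache Shiro's own code. Assumptions:
the key lives in shiro.ini under [main] as a property ending in 'cipherKey'
(the usual path is securityManager.rememberMeManager.cipherKey), and the
shipped default is the historical Shiro default listed below.
"""
import base64
import os
import re

# Historical Apache Shiro default AES key (base64). Assumption: this is the
# hardcoded key; extend the set with any other key found in the shipped build.
KNOWN_DEFAULT_KEYS = {"kPH+bIxk5D2deZiIxcaaaA=="}

# Matches "<anything>cipherKey = <value>" property lines in a Shiro ini file.
KEY_PROPERTY = re.compile(r"^\s*(?P<name>[\w.]*cipherKey)\s*=\s*(?P<value>\S+)\s*$")

DEFAULT_PROPERTY = "securityManager.rememberMeManager.cipherKey"  # assumed path

# Constructed sample resembling a vulnerable shiro.ini (not Redragon's real file).
VULNERABLE_INI = """\
[main]
rememberMeManager = org.apache.shiro.web.mgt.CookieRememberMeManager
securityManager.rememberMeManager = $rememberMeManager
securityManager.rememberMeManager.cipherKey = kPH+bIxk5D2deZiIxcaaaA==

[urls]
/login = authc
/** = user
"""


def find_cipher_keys(ini_text):
    """Return (property, value) pairs for every cipherKey line in [main]."""
    found, section = [], None
    for line in ini_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
            continue
        match = KEY_PROPERTY.match(line)
        if match and section == "main":
            found.append((match.group("name"), match.group("value")))
    return found


def classify(ini_text):
    """'default_key': a known default is configured (vulnerable).
    'missing_key': no key configured. Shiro < 1.2.4 then falls back to its
        built-in default (vulnerable); Shiro >= 1.2.4 generates a random key
        per start, which breaks remember-me across restarts, so an explicit
        key is still wanted.
    'custom_key': an explicit, non-default key is configured."""
    keys = find_cipher_keys(ini_text)
    if not keys:
        return "missing_key"
    if any(value in KNOWN_DEFAULT_KEYS for _, value in keys):
        return "default_key"
    return "custom_key"


def rotate_key(ini_text, prop=DEFAULT_PROPERTY):
    """Return (new_ini_text, new_key_b64) with every cipherKey line in [main]
    replaced by a fresh 128-bit key from os.urandom (the size Shiro's
    AesCipherService uses by default). If no such line exists, one is added
    directly under [main]."""
    new_key = base64.b64encode(os.urandom(16)).decode("ascii")
    out, section, replaced = [], None, False
    for line in ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
        match = KEY_PROPERTY.match(line)
        if match and section == "main":
            out.append(f"{match.group('name')} = {new_key}")
            replaced = True
        else:
            out.append(line)
    if not replaced:
        new_line = f"{prop} = {new_key}"
        if "[main]" in out:
            out.insert(out.index("[main]") + 1, new_line)
        else:
            out = ["[main]", new_line] + out
    return "\n".join(out) + "\n", new_key


if __name__ == "__main__":
    print("before:", classify(VULNERABLE_INI))
    fixed_ini, key = rotate_key(VULNERABLE_INI)
    print("after: ", classify(fixed_ini), "(new key", key + ")")
```

Run it against the real file instead of VULNERABLE_INI, commit the rotated key to a secrets store rather than to the repository, and restart the application afterwards, since Shiro reads the key at startup.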

📡 Detection & Monitoring

Log Indicators:

  • Java deserialization exceptions in application logs raised while the rememberMe cookie is processed
  • rememberMe cookies far larger than normal, or repeated responses setting rememberMe=deleteMe to one client (the cookie Shiro sets when it cannot decrypt or deserialize the presented cookie)

Network Indicators:

  • HTTP requests with crafted rememberMe cookies
  • Unusual outbound connections from application server

SIEM Query:

source="application.logs" AND ("deserialization" OR "rememberMe")

This is a broad starting point: "rememberMe" also matches every legitimate returning session, so narrow it to exception or failure entries and correlate with the rememberMe=deleteMe response cookie that Shiro sets when decryption or deserialization fails.
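To turn the indicators above into a concrete check, here is an added Python example (not from this page or from the Redragon project) that runs over constructed access-log lines and raises an alert when one client collects several rememberMe=deleteMe responses in a short window, the pattern a key brute-force or payload-spraying tool produces, or sends a rememberMe cookie far larger than a legitimate one. The log format, the thresholds and the sample lines are assumptions made for the example.

```python
"""Flag rememberMe key probing and oversized rememberMe cookies in access logs.

Added example, not from the page or the Redragon project. The log format is
constructed for this example; each line is:
  <ISO timestamp> <client> <method> <path> <status> <rememberMe cookie bytes> <Set-Cookie or ->
Signal: Shiro answers an undecryptable or undeserializable rememberMe cookie
with 'Set-Cookie: rememberMe=deleteMe', so one client producing many such
responses in a short window is trying keys or payloads.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real Redragon traffic). 203.0.113.9 fails five
# times in four seconds; 198.51.100.7 sends a 9 KiB cookie; the 10.0.0.x
# clients are normal, including one stale cookie after a key rotation.
SAMPLE_LOG = """\
2025-10-01T10:00:01Z 10.0.0.5 GET /index 200 612 -
2025-10-01T10:00:02Z 10.0.0.5 GET /orders 200 612 -
2025-10-01T10:05:00Z 10.0.0.8 GET /index 200 620 rememberMe=deleteMe
2025-10-01T10:01:10Z 203.0.113.9 GET / 200 1536 rememberMe=deleteMe
2025-10-01T10:01:11Z 203.0.113.9 GET / 200 1536 rememberMe=deleteMe
2025-10-01T10:01:12Z 203.0.113.9 GET / 200 1536 rememberMe=deleteMe
2025-10-01T10:01:13Z 203.0.113.9 GET / 200 1536 rememberMe=deleteMe
2025-10-01T10:01:14Z 203.0.113.9 GET / 200 1536 rememberMe=deleteMe
2025-10-01T10:09:00Z 198.51.100.7 GET / 200 9216 -
"""

FAILURE_THRESHOLD = 5            # deleteMe responses from one client ...
WINDOW = timedelta(seconds=60)   # ... within this sliding window (assumed)
MAX_COOKIE_BYTES = 4096          # assumed ceiling; legit cookies are a few hundred bytes


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, client, method, path, status, cookie_len, set_cookie = line.split(" ", 6)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client,
        "method": method,
        "path": path,
        "status": int(status),
        "cookie_len": int(cookie_len),
        "delete_me": set_cookie.startswith("rememberMe=deleteMe"),
    }


def detect(log_text):
    """Return a sorted list of (client, reason) alerts."""
    alerts = set()
    failures = defaultdict(list)   # client -> timestamps of deleteMe responses
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["cookie_len"] > MAX_COOKIE_BYTES:
            alerts.add((ev["client"], "oversized_rememberMe_cookie"))
        if ev["delete_me"] and ev["cookie_len"] > 0:
            failures[ev["client"]].append(ev["ts"])
    for client, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):       # sliding window over sorted times
            while t - times[start] > WINDOW:
                start += 1
            if end - start + 1 >= FAILURE_THRESHOLD:
                alerts.add((client, "rememberMe_key_probing"))
                break
    return sorted(alerts)


if __name__ == "__main__":
    for client, reason in detect(SAMPLE_LOG):
        print(f"ALERT {client}: {reason}")
```

After a key rotation every legitimate returning user produces exactly one deleteMe response, which stays under the per-client threshold; set MAX_COOKIE_BYTES from the cookie sizes observed for real logins, because a serialized gadget chain is typically several kilobytes while a normal Shiro rememberMe cookie is a few hundred bytes.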
