CVE-2025-8708

5.0 MEDIUM

📋 TL;DR

This vulnerability in Antabot White-Jotter 0.22 allows remote attackers to execute arbitrary code through deserialization of untrusted data in the CookieRememberMeManager function. It affects systems running White-Jotter with the vulnerable Shiro configuration component. The attack complexity is high but exploitation is possible with publicly disclosed information.

💻 Affected Systems

Products:
  • Antabot White-Jotter
Versions: 0.22
Operating Systems: Any OS running White-Jotter
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default Shiro configuration component com.gm.wj.config.ShiroConfiguration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Authentication bypass and session hijacking allowing unauthorized access to the White-Jotter application.

🟢 If Mitigated: Limited impact with proper input validation and deserialization controls in place.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication.
🏢 Internal Only: MEDIUM - Requires network access but exploitation complexity reduces likelihood.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

The exploit has been publicly disclosed, but exploitation appears difficult according to the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issues for updated version

Vendor Advisory: https://github.com/Antabot/White-Jotter/issues/161

Restart Required: Yes

Instructions:

1. Check GitHub issue #161 for patch details.
2. Update to patched version.
3. Restart White-Jotter application.
4. Verify fix implementation.

🔧 Temporary Workarounds

Disable RememberMe functionality
Platforms: all

  • Temporarily disable the vulnerable CookieRememberMeManager function
  • Modify ShiroConfiguration.java to remove or disable CookieRememberMeManager

Implement input validation
Platforms: all

  • Add validation for deserialization inputs to prevent malicious payloads
  • Implement whitelist for deserialization classes in Shiro configuration

🧯 If You Can't Patch

  • Implement network segmentation to isolate White-Jotter instances
  • Deploy WAF rules to block deserialization attack patterns

🔍 How to Verify

Check if Vulnerable:

Check if running White-Jotter version 0.22 and examine ShiroConfiguration.java for vulnerable CookieRememberMeManager implementation

Check Version:

Check application version in White-Jotter configuration or deployment files

Verify Fix Applied:

Verify that CookieRememberMeManager has been patched or replaced with secure implementation

📡 Detection & Monitoring

Log Indicators:

  • Unusual deserialization errors
  • Failed authentication attempts with RememberMe tokens
  • Unexpected process execution

Network Indicators:

  • HTTP requests with suspicious RememberMe cookie values
  • Unusual outbound connections from White-Jotter server

SIEM Query:

source="white-jotter-logs" AND (error="deserialization" OR cookie="EVANNIGHTLY_WAOU")
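
The log and network indicators listed above can be checked mechanically over application logs. The following Python is an added example, not part of the advisory or of White-Jotter: the JSON-lines schema (`src`, `cookie`, `set_cookie`, `msg`), the sample events and both thresholds are assumptions, and it relies on Shiro's default `rememberMe` cookie name and the `deleteMe` value Shiro sets when it discards a token.

```python
import base64, binascii, json
from collections import defaultdict

# Assumed thresholds, not from the advisory; tune against your own baseline.
MAX_TOKEN_BYTES = 1024   # ceiling for a normal decoded rememberMe token
REJECT_THRESHOLD = 3     # rejected tokens per source before flagging
# Constructed filler tokens and sample events (hypothetical JSON-lines schema), not real traffic.
TOKENS = {n: base64.b64encode(b"A" * n).decode() for n in (384, 400, 4096)}
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "cookie": "JSESSIONID=a1; rememberMe=" + TOKENS[400]},
    {"src": "203.0.113.7", "cookie": "rememberMe=" + TOKENS[4096],
     "set_cookie": "rememberMe=deleteMe; Path=/", "msg": "Unable to deserialize argument byte array."},
] + [{"src": "198.51.100.9", "cookie": "rememberMe=" + TOKENS[384], "set_cookie": "rememberMe=deleteMe; Path=/"}] * 3
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)

def remember_me_token(cookie_header):
    """Return the rememberMe value from a Cookie header, or None if absent."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "rememberMe":
            return value
    return None

def decoded_size(token):
    """Decoded length of a Base64 token, or -1 if it is not valid Base64."""
    try:
        return len(base64.b64decode(token, validate=True))
    except (binascii.Error, ValueError):
        return -1

def analyse(log_text):
    """Map each source address to the indicators it matched."""
    rejected, findings = defaultdict(int), defaultdict(list)
    for line in log_text.splitlines():
        ev = json.loads(line)
        token = remember_me_token(ev.get("cookie", ""))
        if token is None:
            continue
        size = decoded_size(token)
        if size < 0 or size > MAX_TOKEN_BYTES:
            findings[ev["src"]].append(f"abnormal rememberMe token (decoded size {size})")
        if "rememberMe=deleteMe" in ev.get("set_cookie", ""):  # Shiro reset the cookie
            rejected[ev["src"]] += 1
        if "deserializ" in ev.get("msg", "").lower():
            findings[ev["src"]].append("deserialization error on rememberMe request")
    for src, n in rejected.items():
        if n >= REJECT_THRESHOLD:
            findings[src].append(f"{n} rejected rememberMe tokens")
    return dict(findings)
```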
