CVE-2025-8752

7.3 HIGH

📋 TL;DR

This critical vulnerability in wangzhixuan's spring-shiro-training allows remote attackers to execute arbitrary commands through command injection in the /role/add endpoint. The exploit is publicly available and can be used against affected systems. Users of this training software are at risk of complete system compromise.

💻 Affected Systems

Products:
  • wangzhixuan spring-shiro-training
Versions: All versions up to commit 94812c1fd8f7fe796c931f4984ff1aa0671ab562
Operating Systems: Any OS running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: Continuous delivery model means specific version numbers aren't available - all instances before the fix commit are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining root/system-level access, data exfiltration, ransomware deployment, and persistent backdoor installation.

🟠 Likely Case

Unauthorized command execution leading to data theft, privilege escalation, and lateral movement within the network.

🟢 If Mitigated

Attack blocked at network perimeter or application firewall, with no successful exploitation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit exists.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to authenticated or network-accessible attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit was disclosed on the Gitee issue tracker; command injection via the /role/add endpoint requires some level of access to the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 94812c1fd8f7fe796c931f4984ff1aa0671ab562

Vendor Advisory: https://gitee.com/wangzhixuan/spring-shiro-training/issues/ICP2ME

Restart Required: Yes

Instructions:

1. Pull the latest code from the repository after the fix commit.
2. Rebuild and redeploy the application.
3. Restart the application server.
4. Verify the fix by testing the /role/add endpoint.

🔧 Temporary Workarounds

Block /role/add endpoint

all

Temporarily block access to the vulnerable endpoint via a web application firewall or network controls.

# Example nginx config (inside the server block):
location /role/add { deny all; }

# Example Apache config:
<Location /role/add>
    Require all denied
</Location>

Input validation at proxy

linux

Implement input validation for command injection patterns at the reverse proxy level. The rule below denies any request whose arguments contain the listed shell metacharacters, so it will also reject legitimate input that uses them; scope it to the affected endpoint if that causes false positives.

# ModSecurity rule:
SecRule ARGS "[;|&`$()]" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user inputs to /role/add endpoint
  • Deploy web application firewall with command injection protection rules and restrict network access to application

🔍 How to Verify

Check if Vulnerable:

Check if your deployment uses code from before commit 94812c1fd8f7fe796c931f4984ff1aa0671ab562. Test /role/add endpoint with command injection payloads (e.g., ;id).

Check Version:

# Show the currently deployed commit
git log --oneline -1
# Exit status 0 means the fix commit is an ancestor of the deployed code
git merge-base --is-ancestor 94812c1fd8f7fe796c931f4984ff1aa0671ab562 HEAD && echo "fix commit present"

Verify Fix Applied:

Verify code is from after fix commit. Test /role/add endpoint with command injection payloads and confirm they are rejected or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual commands in /role/add request logs
  • System command execution from web application user
  • Failed command injection attempts in web logs

Network Indicators:

  • Unusual outbound connections from application server
  • Command and control traffic patterns
  • Unexpected process execution

SIEM Query:

source="web_logs" AND uri="/role/add" AND (command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*")
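The same metacharacter check as the SIEM query above, applied to reverse-proxy access log lines, as an added example that is not part of the original advisory. The combined-log-format pattern and the sample lines are constructed; note that standard access logs carry only the query string, so parameters sent in a POST body are only visible if the proxy or WAF logs request bodies.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Shell metacharacters the advisory's ModSecurity rule and SIEM query look for.
META = re.compile(r"[;|&`$()]")

# Combined-log-format line: client, timestamp, request line, status, bytes (constructed format).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \d+'
)

def suspicious_params(target: str) -> list[str]:
    """Return the names of query parameters of a /role/add request whose
    URL-decoded value contains a shell metacharacter; [] for other paths."""
    parts = urlsplit(target)
    if parts.path != "/role/add":
        return []
    return [k for k, v in parse_qsl(parts.query, keep_blank_values=True) if META.search(v)]

def scan(lines):
    """Yield (client, timestamp, status, flagged parameter names) for each hit."""
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # not an access log line we understand
        hits = suspicious_params(m["target"])
        if hits:
            yield m["ip"], m["ts"], m["status"], hits

# Constructed sample lines; payloads appear URL-encoded, as a proxy would log them.
SAMPLE = [
    '10.0.0.5 - - [01/Aug/2025:10:00:01 +0000] "POST /role/add?name=admin&desc=ops HTTP/1.1" 200 52',
    '10.0.0.9 - - [01/Aug/2025:10:00:07 +0000] "POST /role/add?name=x%3Bid HTTP/1.1" 200 52',
    '10.0.0.9 - - [01/Aug/2025:10:00:09 +0000] "GET /role/add?name=%24%28whoami%29 HTTP/1.1" 403 0',
    '10.0.0.7 - - [01/Aug/2025:10:00:11 +0000] "GET /login?next=%2Frole%2Fadd%3Bid HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, ts, status, params in scan(SAMPLE):
        print(f"{ts} {ip} status={status} suspicious params: {params}")
```

A 200 status on a flagged request is the case to escalate; a 403 shows the perimeter block from the workarounds section doing its job.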

🔗 References