CVE Catalog
CVE-2025-60828
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.33%
25th percentile - higher than 25% of all known CVEs
Summary
A fastjson deserialization vulnerability was discovered in WukongCRM-9.0-JAVA via the /OaExamine/setOaExamine interface. An attacker can remotely exploit this flaw to execute arbitrary code.
Risk Assessment
The risk includes full server compromise, customer data leakage, and system disruption.
Recommendation
Immediately update WukongCRM to the latest version and apply security patches for the fastjson library.
Original NVD description (English source)
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface.

