Opplus Spring Boot Admin Critical Deserialization Vulnerability in SysGeneratorController

Vulnerability

A critical deserialization vulnerability has been identified in Opplus Spring Boot Admin versions prior to commit a2d5310f44fd46780a8686456cf2f9001ab8f024. The issue is in the SysGeneratorController.java file, where improper handling of the Tables argument allows deserialization attacks that can be launched remotely. This vulnerability has been publicly disclosed and could be exploited in the wild.

Impact

Exploitation of this vulnerability leads to arbitrary code execution on the server where Opplus Spring Boot Admin is running.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.