Redragon ERP Shiro Deserialization Vulnerability Allowing Code Execution

Vulnerability

A Shiro deserialization vulnerability has been identified in Redragon ERP version 1.0 when the application is run in SpringBoot mode. The Shiro rememberMe cipher key is hardcoded in the application, so every deployment shares the same key and anyone who reads it from the source or from a shipped build knows it. Shiro decrypts the rememberMe cookie with that key and then Java-deserializes the result, so an attacker who holds the key can encrypt a malicious serialized object, present it as the rememberMe cookie, and have the server deserialize it, which can lead to unauthorized code execution.

Impact

Exploitation of this vulnerability allows arbitrary code execution on the server hosting Redragon ERP, with the privileges of the application process.

Reproduction

To reproduce this vulnerability, deploy Redragon ERP version 1.0 in SpringBoot mode. The Shiro key the build ships with is fixed and is not regenerated per installation, so a deployment is vulnerable as soon as it is running; no configuration change is needed to make it exploitable. A quick check that a running instance still uses the shipped key: send a request carrying a rememberMe cookie encrypted under that key. Shiro answers a cookie it cannot decrypt with a rememberMe=deleteMe Set-Cookie header, so a request that is accepted without that header indicates the key is in use. Remediation is to replace the fixed key with a random one generated per deployment and kept outside the source tree, or to disable rememberMe entirely; recent Shiro versions generate a random key by default, but the problem returns whenever an application overrides it with a constant.
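The configuration pattern behind the vulnerability described above, and the corrected form, as an added example. This is illustrative code written for this page, not code from Redragon ERP or from the Shiro project. The class and method names, the SHIRO_REMEMBERME_KEY environment variable, and the use of a Spring @Bean are assumptions; the fixed key value shown is Shiro's own historical default, used here as a placeholder, and the page does not state which value Redragon ERP ships.

```java
import java.util.Base64;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Added illustrative example; names below are assumed, not taken from Redragon ERP.
@Configuration
public class ShiroRememberMeConfig {

    // VULNERABLE: a fixed key compiled into the application. Every deployment
    // shares it, and anyone who reads the source, the jar, or a published copy
    // of the value can AES-encrypt an arbitrary serialized object so that the
    // server accepts it as a rememberMe cookie and deserializes it.
    // Placeholder value: Shiro's historical default key, not Redragon's.
    private static final String HARDCODED_KEY = "kPH+bIxk5D2deZiIxcaaaA==";

    public CookieRememberMeManager vulnerableRememberMeManager() {
        CookieRememberMeManager mgr = new CookieRememberMeManager();
        // setCipherKey sets both the encryption and the decryption key.
        mgr.setCipherKey(Base64.getDecoder().decode(HARDCODED_KEY));
        return mgr;
    }

    // HARDENED: the key never appears in source. It is read from a secret
    // injected at deploy time (SHIRO_REMEMBERME_KEY is an assumed variable
    // name). If it is absent, a fresh random key is generated so the process
    // can still start; the cost is that rememberMe cookies do not survive a
    // restart and are not shared between nodes.
    public CookieRememberMeManager hardenedRememberMeManager() {
        CookieRememberMeManager mgr = new CookieRememberMeManager();
        mgr.setCipherKey(loadOrGenerateKey());
        return mgr;
    }

    static byte[] loadOrGenerateKey() {
        String b64 = System.getenv("SHIRO_REMEMBERME_KEY");
        if (b64 != null && !b64.isEmpty()) {
            byte[] key = Base64.getDecoder().decode(b64);
            // Reject anything that is not a valid AES key length; a silently
            // truncated or padded key is worse than a startup failure.
            if (key.length != 16 && key.length != 24 && key.length != 32) {
                throw new IllegalStateException(
                        "SHIRO_REMEMBERME_KEY must decode to a 128-, 192- or 256-bit AES key");
            }
            return key;
        }
        // Per-process random key generated by Shiro's own cipher service.
        return new AesCipherService().generateNewKey().getEncoded();
    }

    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager sm = new DefaultWebSecurityManager();
        // Only the hardened manager is wired in; the vulnerable one is kept
        // above solely to show the pattern to look for during a code review.
        sm.setRememberMeManager(hardenedRememberMeManager());
        return sm;
    }
}
```

When auditing a SpringBoot build for this class of issue, the thing to search for is any call to setCipherKey, or any cipherKey property in Shiro INI or Spring configuration, whose argument is a literal rather than a value loaded from a secret store. A per-deployment key is the minimum fix; a cluster needs the same key on every node, so it should come from the secret store rather than from the random fallback.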

Added: Oct 8, 2025, 2:19 PM
Updated: Oct 8, 2025, 8:09 PM

Vulnerability Rating (Custom Algorithm)

spread          0.0
impact         10.0
exploitability  8.7
remediation     0.0
relevance       0.7
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.