dromara sa-token Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of dromara sa-token's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High1

Medium1

Low1

1 additional CVE has no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of dromara sa-token's CVEs are currently listed in CISA's KEV catalog.

Public exploits

3 of dromara sa-token's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every dromara sa-token version named in a CVE, then pick one to see only the CVEs that affect it.

Find a version

4 CVEs

Sort

Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization
CVE-2025-15222
Public exploit
CWE-502
Medium · CVSS 5.0
EPSS 0.1% (16th pct)2025-12-30
Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
CVE-2025-15117CWE-502
Low · CVSS 3.1
EPSS 0.1% (16th pct)2025-12-28
Vulnerability · 2023-10-25
CVE-2023-44794
Public exploit
Patch
CWE-284
Unscored
EPSS 2.0% (84th pct)2023-10-25
High vulnerability · 2023-10-25
CVE-2023-43961
Public exploit
Patch
CWE-863
High · CVSS 8.8
EPSS 0.1% (24th pct)2023-10-25

Severity and exploitation