Is CVE-2025-9796 actively exploited?

CVE-2025-9796 has no public evidence of in-the-wild exploitation as of 2026-04-29.

What is the CVSS score for CVE-2025-9796?

CVE-2025-9796 has a CVSS score of 2 (LOW severity). Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

How do I patch CVE-2025-9796?

Patch guidance is available from jeesite security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-9796.

CVE-2025-9796 - remediation guidance & executive summary

Description

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.

CVSS Metrics

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: network
Complexity: low
Privileges: low
User Action: passive
Confidentiality: undefined
Integrity: undefined
Availability: undefined
Weaknesses: CWE-79 · Cross-site Scripting (XSS)CWE-94 · Code Injection CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: JEESITE
Published: 9/1/2025
Last Modified: 4/29/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

jeesite : jeesite

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-9796. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-9796

View on NIST NVD

CVE-2025-9796 vulnerability