CVE-2025-3390

CVSS 2.0 Score 4 of 10 (medium)

Details

Published Apr 8, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-3390 is a newly disclosed vulnerability affecting hailey888's oa_system up to version 2025.01.01. The issue lies in the addandchangeday function of the DaymanageController.java file in the Backend component. Attackers can exploit this cross-site scripting (XSS) vulnerability by manipulating the scheduleList argument. This exploit can be launched remotely, and the code for it has been made public. Hailey888 uses a rolling release model, so no specific version numbers for affected or patched releases have been provided. Users are encouraged to apply the latest updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/5BcYhw
https://www.cve.org/CVERecord?id=CVE-2025-3390
https://nvd.nist.gov/vuln/detail/CVE-2025-3390

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-3390

CVSS 2.0 Score 4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations