CVE-2025-8708 in White-Jotter
Summary
by MITRE • 08/08/2025
A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Analysis
by VulDB Data Team • 08/22/2025
CVE-2025-8708 represents a critical deserialization vulnerability within Antabot White-Jotter version 0.22 that resides in the CookieRememberMeManager function of the ShiroConfiguration.java file. This vulnerability falls under the category of insecure deserialization as classified by CWE-502, where the application improperly handles serialized data that can be manipulated by attackers. The specific input parameter EVANNIGHTLY_WAOU serves as the attack vector, allowing malicious actors to inject serialized objects that will be processed by the vulnerable deserialization mechanism. The vulnerability's critical severity classification indicates that it can lead to complete system compromise when successfully exploited.
The technical flaw stems from the application's failure to properly validate and sanitize serialized data before processing it within the CookieRememberMeManager component. This function is responsible for managing remember-me cookies in the Shiro security framework, which is commonly used for authentication persistence. When an attacker crafts a malicious serialized object using the EVANNIGHTLY_WAOU parameter, the application's deserialization process executes arbitrary code within the context of the running application. The high attack complexity and difficulty of exploitation suggest that additional prerequisites or mitigation measures may be present, but the public disclosure of the exploit means that sophisticated attackers can leverage this vulnerability effectively.
Remote exploitation makes this vulnerability particularly dangerous, because attackers can target the system without physical access or local network presence. The attack surface extends to any user who interacts with the application's authentication mechanisms, potentially affecting all authenticated users and administrators. Exploitation can result in arbitrary code execution, privilege escalation, data theft, and complete system compromise, corresponding to ATT&CK techniques T1059.007 (command and scripting interpreter) and T1078 (valid accounts).
Organizations should immediately implement multiple layers of defense including network segmentation to limit access to affected systems, disabling unnecessary authentication features, and implementing strict input validation for all parameters that interact with serialization mechanisms. The recommended mitigations include upgrading to a patched version of Antabot White-Jotter, implementing proper serialization validation, and applying the principle of least privilege to limit the impact of successful exploitation. Security teams should also monitor network traffic for indicators of exploitation attempts and consider implementing application firewalls to block malicious serialized object traffic. The public disclosure of this exploit necessitates immediate action to protect against potential widespread attacks targeting this specific vulnerability in the Shiro framework components.
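The traffic monitoring recommended above can start with the remember-me cookie itself. The following is an added example, not code from the advisory or from White-Jotter: it reviews request/response records for malformed or unusually large remember-me cookies and for clients whose cookies the server repeatedly discards. It assumes Shiro's default cookie name rememberMe, Base64-encoded cookie values, and the rememberMe=deleteMe reset Shiro sends when it drops a cookie; the thresholds, record field names and sample events are constructed.

```python
import base64
from collections import Counter

MAX_DECODED_BYTES = 1024  # assumed ceiling for a benign cookie; tune on your own traffic
REJECT_ALERT_COUNT = 3    # assumed number of discarded cookies per client before review

def remember_me_value(header):
    """Return the rememberMe value from a Cookie or Set-Cookie header, else None."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "rememberMe":
            return value
    return None

def classify(event):
    """Findings for one request/response record (hypothetical field names)."""
    sent = remember_me_value(event["cookie"])
    if sent is None:
        return []
    findings = []
    try:
        if len(base64.b64decode(sent, validate=True)) > MAX_DECODED_BYTES:
            findings.append("oversized")
    except ValueError:  # binascii.Error is a ValueError subclass
        findings.append("malformed")
    # Logout also resets the cookie to "deleteMe", so one reset is counted, not flagged.
    if remember_me_value(event["set_cookie"]) == "deleteMe":
        findings.append("rejected")
    return findings

def clients_to_review(events):
    """Clients that sent a malformed/oversized cookie or had repeated resets."""
    flagged, rejected = set(), Counter()
    for ev in events:
        found = classify(ev)
        if "malformed" in found or "oversized" in found:
            flagged.add(ev["client"])
        rejected[ev["client"]] += "rejected" in found
    flagged.update(c for c, n in rejected.items() if n >= REJECT_ALERT_COUNT)
    return sorted(flagged)

def _cookie(n):  # constructed placeholder value: n zero bytes, Base64-encoded
    return "rememberMe=" + base64.b64encode(bytes(n)).decode()
RESET = "rememberMe=deleteMe; Path=/; Max-Age=0"
SAMPLE_EVENTS = [  # constructed records using documentation-range addresses
    {"client": "192.0.2.10", "cookie": _cookie(400), "set_cookie": RESET},
    {"client": "198.51.100.7", "cookie": _cookie(4096), "set_cookie": RESET},
    {"client": "192.0.2.44", "cookie": "JSESSIONID=x; rememberMe=%%%", "set_cookie": RESET},
] + [{"client": "203.0.113.5", "cookie": _cookie(400), "set_cookie": RESET}] * 3
print(clients_to_review(SAMPLE_EVENTS))
```

The size and count thresholds are heuristics: baseline them against cookies your own deployment issues before alerting on them.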