Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2025-31129 PoC — jooby-pac4j: deserialization of untrusted data

Source
https://github.com/cwm1123/CVE-2025-31129
Associated Vulnerability
Title:jooby-pac4j: deserialization of untrusted data (CVE-2025-31129)
Description:Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).
Readme
# CVE-2025-31129
exploits for CVE-2025-31129
File Snapshot

 [4.0K]  /data/pocs/f511e46739b583d69fde0226ddf3c85ee35717e3
├── [ 878]  pom.xml
├── [  45]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            ├── [ 124]  compile.java
            └── [4.0K]  org
                ├── [4.0K]  apache
                │   └── [4.0K]  commons
                │       └── [4.0K]  collections
                │           └── [4.0K]  functors
                │               └── [ 190]  evil.java
                └── [4.0K]  example
                    └── [5.7K]  Main.java

9 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →