CAS — Vulnerabilities & Security Advisories 10

All 10 CVE vulnerabilities found in CAS, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-3986	Apereo CAS CasConfigurationMetadataServerController.java redos CWE-1333	4.3	Medium	2025-04-27
CVE-2025-3985	Apereo CAS ResponseEntity redos CWE-1333	2.7	Low	2025-04-27
CVE-2025-3984	Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection CWE-94	5.0	Medium	2025-04-27
CVE-2024-11209	Apereo CAS 2FA login improper authentication CWE-287	6.3	Medium	2024-11-14
CVE-2024-11208	Apereo CAS login session expiration CWE-613	3.7	Low	2024-11-14
CVE-2024-11207	Apereo CAS login redirect CWE-601	4.3	Medium	2024-11-14
CVE-2024-4399	CAS <= 1.0.0 - Unauthenticated SSRF	9.1^AI	Critical^AI	2024-05-23
CVE-2024-4388	CAS <= 1.0.0 - Unauthenticated Arbitrary File Access	7.5^AI	High^AI	2024-05-23
CVE-2023-4612	MFA bypass in Apereo CAS CWE-302	9.1	-	2023-11-09
CVE-2023-28857	LDAP password leak in Apereo CAS - GHSL-2023-009 CWE-200	4.0	Medium	2023-06-27

All 10 known CVE vulnerabilities affecting CAS with full Chinese analysis, references, and POCs where available.