High severity · NVD Advisory · Published Sep 1, 2025 · Updated Apr 15, 2026
CVE-2025-57799
CVE-2025-57799
Description
StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, an attacker who has logged into the StreamVault system can modify certain system parameters to construct malicious commands, carry out a command injection attack against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not changed their back-end (admin) password, or who use a weak password, are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822.
Affected products: 1
Patches: 2
8 files changed · +12 −12
backstage/src/main/resources/templates/admin/collectDataDetailList.html+1 −1 modified@@ -230,7 +230,7 @@ return { "code": 0, "msg": "", - "count": res.record.totalElements, + "count": res.record.page.totalElements, "data": res.record.content }; },
backstage/src/main/resources/templates/admin/collectDataList.html+1 −1 modified@@ -711,7 +711,7 @@ <h4>添加收藏任务</h4> startTask(); laypage({ cont: 'pager', - pages: record.totalPages, + pages: record.page.totalPages, curr:page, jump: function(obj,first){ if(!first && obj.curr != page){
backstage/src/main/resources/templates/admin/downLoaderList.html+1 −1 modified@@ -354,7 +354,7 @@ updateData(); laypage({ cont: 'pager', - pages: record.totalPages, + pages: record.page.totalPages, curr:page, jump: function(obj,first){ if(!first && obj.curr != page){
backstage/src/main/resources/templates/admin/graphicContent.html+3 −3 modified@@ -1483,9 +1483,9 @@ <h6 class="graphic-title" title="${displayTitle}">${displayTitle}</h6> function renderPagination(pageData) { console.log('渲染分页信息:', pageData); - var totalPages = pageData.totalPages || 1; - var currentPageNum = (pageData.number || 0) + 1; // 后端返回从0开始,前端显示从1开始,需要加1 - var totalElements = pageData.totalElements || 0; + var totalPages = pageData.page.totalPages || 1; + var currentPageNum = (pageData.page.number || 0) + 1; // 后端返回从0开始,前端显示从1开始,需要加1 + var totalElements = pageData.page.totalElements || 0; if (totalPages <= 1) { $('#pager').html('');
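Review bot: In `renderPagination`, the new lines keep the `||` fallbacks but dereference `pageData.page` without a guard, so a response that lacks the `page` object throws a TypeError instead of falling back to the defaults. Reading the object once with `var pageInfo = pageData.page || {};` and then using `pageInfo.totalPages || 1`, `(pageInfo.number || 0) + 1` and `pageInfo.totalElements || 0` keeps the fallback behaviour the old lines had for a missing field. The same unguarded `.page` access is added in the other templates of this patch, for example `record.page.totalPages` in the `laypage` calls. The body of `renderPagination` continues past the end of the hunk.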
backstage/src/main/resources/templates/admin/processHistoryList.html+1 −1 modified@@ -227,7 +227,7 @@ deleteData(); laypage({ cont: 'pager', - pages: record.totalPages, + pages: record.page.totalPages, curr:page, jump: function(obj,first){ if(!first && obj.curr != page){
backstage/src/main/resources/templates/admin/videoDataList.html+1 −1 modified@@ -1035,7 +1035,7 @@ <h5>批量删除进度</h5> updateData(); laypage({ cont: 'pager', - pages: record.totalPages, + pages: record.page.totalPages, curr:page, jump: function(obj,first){ if(!first && obj.curr != page){
backstage/src/main/resources/templates/admin/videokpop.html+2 −2 modified@@ -764,10 +764,10 @@ <h5 class="text-center mb-3"><i class="mdi mdi-video"></i> 视频预览与时间 $('#mixList').html(html); // 只有在有数据时才渲染分页 - if(data.totalPages > 0) { + if(data.page.totalPages > 0) { laypage({ cont: 'pager', - pages: data.totalPages, + pages: data.page.totalPages, curr: page, jump: function(obj, first) { if(!first) {
backstage/src/main/resources/templates/video.html+2 −2 modified@@ -1011,8 +1011,8 @@ <h2 class="text-sm font-medium text-gray-700 mb-2">视频简介</h2> return { data: response.data.record.content, - totalPages: response.data.record.totalPages, - totalElements: response.data.record.totalElements, + totalPages: response.data.record.page.totalPages, + totalElements: response.data.record.page.totalElements, hasMore: hasMore }; }
1 file changed · +62 −26
backstage/src/main/java/com/flower/spirit/utils/CommandUtil.java+62 −26 modified@@ -4,6 +4,8 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.util.ArrayList; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; 
@@ -132,54 +134,88 @@ public static String commandos(String command) { public static String f2cmd(String cookie, String aid, String fuc, String uid, String cid, Integer maxc, String out) { - StringBuilder cmd = new StringBuilder("/opt/venv/bin/python3 /home/app/script/douyin.py "); + + List<String> cmdList = new ArrayList<>(); + cmdList.add("/opt/venv/bin/python3"); + cmdList.add("/home/app/script/douyin.py"); + switch (fuc) { case "fetch_video": - cmd.append("fetch_video ") - .append("--cookie \"").append(cookie).append("\" ") - .append("--aweme_id \"").append(aid).append("\""); + cmdList.add("fetch_video"); + cmdList.add("--cookie"); cmdList.add(cookie); + cmdList.add("--aweme_id"); cmdList.add(aid); break; case "fetch_user_like_videos": case "fetch_user_post_videos": - cmd.append(fuc).append(" ") - .append("--cookie \"").append(cookie).append("\" ") - .append("--uid \"").append(uid).append("\" ") - .append("--maxc \"").append(maxc).append("\" ") - .append("--output \"").append(out).append("\""); + cmdList.add(fuc); + cmdList.add("--cookie"); cmdList.add(cookie); + cmdList.add("--uid"); cmdList.add(uid); + cmdList.add("--maxc"); cmdList.add(String.valueOf(maxc)); + cmdList.add("--output"); cmdList.add(out); break; case "fetch_user_collects": - cmd.append("fetch_user_collects ") - .append("--cookie \"").append(cookie).append("\""); + cmdList.add("fetch_user_collects"); + cmdList.add("--cookie"); cmdList.add(cookie); break; case "fetch_user_collects_videos": - cmd.append("fetch_user_collects_videos ") - .append("--cookie \"").append(cookie).append("\" ") - .append("--cid \"").append(cid).append("\" ") - .append("--maxc \"").append(maxc).append("\" ") - .append("--output \"").append(out).append("\""); + cmdList.add("fetch_user_collects_videos"); + cmdList.add("--cookie"); cmdList.add(cookie); + cmdList.add("--cid"); cmdList.add(cid); + cmdList.add("--maxc"); cmdList.add(String.valueOf(maxc)); + cmdList.add("--output"); cmdList.add(out); break; case 
"fetch_user_feed_videos": - cmd.append("fetch_user_feed_videos ") - .append("--cookie \"").append(cookie).append("\" ") - .append("--uid \"").append(uid).append("\" ") - .append("--output \"").append(out).append("\""); + cmdList.add("fetch_user_feed_videos"); + cmdList.add("--cookie"); cmdList.add(cookie); + cmdList.add("--uid"); cmdList.add(uid); + cmdList.add("--output"); cmdList.add(out); break; - + case "fetch_post_data": - cmd.append("fetch_post_data ") - .append("--cookie \"").append(cookie).append("\" ") - .append("--aweme_id \"").append(aid).append("\" ") - .append("--output \"").append(out).append("\""); + cmdList.add("fetch_post_data"); + cmdList.add("--cookie"); cmdList.add(cookie); + cmdList.add("--aweme_id"); cmdList.add(aid); + cmdList.add("--output"); cmdList.add(out); break; + default: throw new IllegalArgumentException("Unsupported function: " + fuc); } - return CommandUtil.commandos(cmd.toString()); + return runCommandList(cmdList); + } + + private static String runCommandList(List<String> cmdList) { + StringBuilder output = new StringBuilder(); + Process process = null; + try { + ProcessBuilder pb = new ProcessBuilder(cmdList); + pb.redirectErrorStream(true); + process = pb.start(); + + try (BufferedReader reader = new BufferedReader( + new InputStreamReader(process.getInputStream(), "UTF-8"))) { + String line; + while ((line = reader.readLine()) != null) { + output.append(line).append("\n"); + } + } + + int exitCode = process.waitFor(); + logger.info("命令执行完毕,退出码:" + exitCode); + + } catch (IOException | InterruptedException e) { + logger.error("命令执行异常:" + e.getMessage(), e); + } finally { + if (process != null) { + process.destroy(); + } + } + return output.toString().trim(); } public static boolean deleteDirectory(String directoryPath) {
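Review bot: The values added to `cmdList` in `f2cmd` (`cookie`, `aid`, `uid`, `cid`, `out`) are still passed through unvalidated, so the argument list stops shell interpretation but not option confusion or an arbitrary `--output` location. Depending on how douyin.py parses its arguments, a value that begins with `-` can be read as an option rather than as data. Binding each value to its flag, e.g. `cmdList.add("--aweme_id=" + aid);`, and rejecting an `out` path that does not normalise to a location under the directory the application is meant to write downloads to, would close that gap. The hunk header shows that `commandos(String command)` is still public, so any other caller that concatenates settings into a command string should be moved to `runCommandList` as well; those callers are outside this hunk. In `runCommandList`, the `InterruptedException` branch should also call `Thread.currentThread().interrupt();` so the interrupt is not lost.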