CVE-2025-15121

Summary

A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
n/aJeecgBoot3.0affected
n/aJeecgBoot3.1affected
n/aJeecgBoot3.2affected
n/aJeecgBoot3.3affected
n/aJeecgBoot3.4affected
n/aJeecgBoot3.5affected
n/aJeecgBoot3.6affected
n/aJeecgBoot3.7affected
n/aJeecgBoot3.8affected
n/aJeecgBoot3.9.0affected

Weaknesses

  • CWE-200: Information Disclosure
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References