PT-2025-39460 · Unknown · Jeecg-Boot

Lucasg2G · Published 2025-09-25 · Updated 2025-09-26 · CVE-2025-10976

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JeecgBoot versions prior to 3.8.2

Description

JeecgBoot contains an improper authorization flaw. It is triggered by manipulating the departId argument in requests to the '/api/getDepartUserList' API endpoint. The attack can be carried out remotely and is considered difficult to exploit, but the exploit has been publicly disclosed. The vendor was informed about this issue but did not provide a response.

Recommendations

Update JeecgBoot to a version later than 3.8.2.

Exploit

Fix

Incorrect Privilege Assignment

Improper Authorization


Weakness Enumeration

Related identifiers

CVE-2025-10976

Affected products

Jeecg-Boot