PT-2025-53637 · Unknown · Jeecg-Boot

Huangweigang · Published 2025-12-28 · Updated 2025-12-28 · CVE-2025-15122

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.9.0

Description: A flaw exists in JeecgBoot that relates to improper authorization. The issue is located in the loadDatarule function within the /sys/sysDepartRole/datarule/ file. Manipulation of the departId/roleId arguments can lead to unauthorized access. The attack can be initiated remotely and is considered difficult to exploit. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations: JeecgBoot versions prior to 3.9.0 should be updated.

Weakness Enumeration

Incorrect Privilege Assignment

Incorrect Authorization

Improper Authorization

Related identifiers

CVE-2025-15122

Affected products

Jeecg-Boot