PT-2025-39460 · Unknown · Jeecg-Boot

Lucasg2G · Published 2025-09-25 · Updated 2025-09-26 · CVE-2025-10976

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.8.2

Description: JeecgBoot contains an improper authorization flaw. The issue is triggered by manipulating the departId argument in requests to the '/api/getDepartUserList' API endpoint. The attack can be carried out remotely and is considered difficult to exploit, but the exploit has been publicly disclosed. The vendor was informed about this issue but did not provide a response.

Recommendations: Update JeecgBoot to a version later than 3.8.2.

Exploit

Fix

Weakness Enumeration: Incorrect Privilege Assignment; Improper Authorization

Related Identifiers: CVE-2025-10976

Affected Products: Jeecg-Boot