CVE-2025-14908

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0

Description A security flaw exists in JeecgBoot that allows for improper authentication. The issue is related to the manipulation of the ID argument within an unknown function in the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java, specifically within the Multi-Tenant Management Module. This flaw can be exploited remotely. The exploit has been publicly released.

Recommendations Apply the patch e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2/67795493bdc579e489d3ab12e52a1793c4f8a0ee to resolve this issue.