PT-2025-53634 · Unknown · Jeecg-Boot
Huangweigang · Published 2025-12-28 · Updated 2025-12-28
CVE-2025-15119
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JeecgBoot versions up to 3.9.0
Description
A flaw exists in JeecgBoot that relates to improper authorization. This issue is present in the queryPageList function within the /sys/sysDepartRole/list file. Manipulation of the deptId argument can lead to unauthorized access. The attack can be initiated remotely and is considered difficult to exploit. The exploit is publicly available. The vendor was informed of this issue but did not provide a response.
Recommendations
Versions prior to 3.9.0 are recommended.
Exploit
Fix
Incorrect Authorization
Incorrect Privilege Assignment
Improper Authorization
Related Identifiers
Affected Products
Jeecg-Boot