PT-2025-53636 · Unknown · Jeecg-Boot

Huangweigang · Published 2025-12-28 · Updated 2025-12-28 · CVE-2025-15121

CVSS v3.1: 4.9 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.9.0

Description: A flaw exists in JeecgBoot that allows information disclosure. The issue is related to the getDeptRoleByUserId function located in the /sys/sysDepartRole/getDeptRoleByUserId file. Manipulation of the departId argument can lead to unauthorized information disclosure. The vendor was contacted regarding this issue but did not provide a response.

Recommendations: Versions prior to 3.9.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2025-15121

Affected Products: Jeecg-Boot