PT-2025-53637 · Unknown · Jeecg-Boot
Huangweigang
Published: 2025-12-28 · Updated: 2025-12-28
CVE-2025-15122
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JeecgBoot versions up to 3.9.0
Description
A flaw exists in JeecgBoot that relates to improper authorization. The issue is located in the loadDatarule function within the /sys/sysDepartRole/datarule/ file. Manipulation of the departId/roleId arguments can lead to unauthorized access. The attack can be initiated remotely and is considered difficult to exploit. The exploit is publicly available. The vendor was notified but did not respond.
Recommendations
JeecgBoot versions prior to 3.9.0 should be updated.
Exploit
Fix
Incorrect Privilege Assignment
Incorrect Authorization
Improper Authorization
Related Identifiers
Affected Products
Jeecg-Boot