CVE-2025-15125

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0

Description A security issue exists in JeecgBoot that allows for remote authorization bypass. This is due to improper authorization resulting from the manipulation of the departId argument within the queryDepartPermission function located in the file /sys/permission/queryDepartPermission. The issue is characterized by high complexity and difficult exploitability. The exploit for this issue has been publicly released and may be exploited. The vendor was contacted regarding this disclosure but did not respond.

Recommendations JeecgBoot versions prior to 3.9.0 should be updated. As a temporary workaround, consider restricting access to the /sys/permission/queryDepartPermission file or disabling the queryDepartPermission() function until a patch is available.