JeecgBoot list getParameterMap improper authorization_CVE-2025-15124

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-15124

Source VulDB

Published Dec 28, 2025 at 06:32

Affected Product

Vendor n/a

Product JeecgBoot

Version 3.0

Affected Versions n/a JeecgBoot 3.0
n/a JeecgBoot 3.1
n/a JeecgBoot 3.2
n/a JeecgBoot 3.3
n/a JeecgBoot 3.4
n/a JeecgBoot 3.5
n/a JeecgBoot 3.6
n/a JeecgBoot 3.7
n/a JeecgBoot 3.8
n/a JeecgBoot 3.9.0

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-28T06:32:06.920Z",
    "modified": "2025-12-28T06:32:06.920Z",
    "type": "cve",
    "title": "JeecgBoot list getParameterMap improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338502\nhttps://vuldb.com/?ctiid.338502\nhttps://vuldb.com/?submit.711776\nhttps://github.com/Hwwg/cve/issues/37",
    "id": "CVE-2025-15124",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "n/a JeecgBoot 3.0\nn/a JeecgBoot 3.1\nn/a JeecgBoot 3.2\nn/a JeecgBoot 3.3\nn/a JeecgBoot 3.4\nn/a JeecgBoot 3.5\nn/a JeecgBoot 3.6\nn/a JeecgBoot 3.7\nn/a JeecgBoot 3.8\nn/a JeecgBoot 3.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JeecgBoot",
    "version": "3.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}