CVE-2025-10976 | JeecgBoot up to 3.8.2 /api/getDepartUserList departId improper authorization

A vulnerability labeled as critical has been found in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization.

This vulnerability is handled as CVE-2025-10976. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More