CVE-2025-15125 | JeecgBoot up to 3.9.0 queryDepartPermission departId improper authorization

A vulnerability labeled as problematic has been found in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization.

This vulnerability is reported as CVE-2025-15125. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More