CVE-2025-15121 | JeecgBoot up to 3.9.0 getDeptRoleByUserId departId information disclosure

Uncategorized
Yanac

A vulnerability was found in JeecgBoot up to 3.9.0. It has been declared as problematic. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure.

This vulnerability is listed as CVE-2025-15121. The attack must be carried out from within the local network. There is no available exploit.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More