Improper Authorization in JeecgBoot Affects Remote Access Security
CVE-2025-15123

2.3LOW

Key Information:

Vendor

Jeecg

Status
Jeecgboot
Vendor
CVE Published:
28 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-15123?

A vulnerability has been identified in JeecgBoot versions up to 3.9.0, specifically within an unknown function related to the file /sys/sysDepartPermission/datarule/. This flaw allows for improper authorization, enabling potential malicious actors to manipulate access controls remotely. The complexity of the attack is notably high, making exploitation challenging; however, the flaw has been disclosed publicly, increasing the urgency for mitigation. The vendor was alerted to this issue prior but did not respond, underscoring the need for stakeholders to address this vulnerability proactively.

Affected Version(s)

JeecgBoot 3.0

JeecgBoot 3.1

JeecgBoot 3.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15123 - Proof of Concept

References

https://vuldb.com/?id.338501
vdb-entry
https://vuldb.com/?ctiid.338501
signaturepermissions-required
https://vuldb.com/?submit.711775
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

huangweigang (VulDB User)
JSON
.
CVE-2025-15123 : Improper Authorization in JeecgBoot Affects Remote Access Security