SQL Injection Vulnerability in JeecgBoot by Jeecg
CVE-2025-51825
6.5 MEDIUM
What is CVE-2025-51825?
JeecgBoot versions 3.4.3 through 3.8.0 are affected by a SQL injection vulnerability in the endpoint /jeecg-boot/online/cgreport/head/parseSql. The flaw lets attackers bypass the SQL blacklist restrictions, potentially leading to unauthorized access to sensitive data and database manipulation. Security measures should be implemented to mitigate the risks posed by this vulnerability.
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
