A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2CWE-285CWE-266
JeecgBoot list queryPageList improper authorization
Problem type
Affected products
JeecgBoot
3.0 - AFFECTED
3.1 - AFFECTED
3.2 - AFFECTED
3.3 - AFFECTED
3.4 - AFFECTED
3.5 - AFFECTED
3.6 - AFFECTED
3.7 - AFFECTED
3.8 - AFFECTED
3.9.0 - AFFECTED
References
VDB-338497 | JeecgBoot list queryPageList improper authorization
https://vuldb.com/?id.338497
VDB-338497 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.338497
Submit #711771 | JeecgBoot 3.9.0 Improper Control of Resource Identifiers
https://vuldb.com/?submit.711771
github.com
https://github.com/Hwwg/cve/issues/32
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-15119Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-15119",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2025-12-28T03:32:06.719Z",
"dateReserved": "2025-12-27T09:00:45.393Z",
"datePublished": "2025-12-28T03:32:06.719Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-12-28T03:32:06.719Z"
},
"title": "JeecgBoot list queryPageList improper authorization",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "n/a",
"product": "JeecgBoot",
"versions": [
{
"version": "3.0",
"status": "affected"
},
{
"version": "3.1",
"status": "affected"
},
{
"version": "3.2",
"status": "affected"
},
{
"version": "3.3",
"status": "affected"
},
{
"version": "3.4",
"status": "affected"
},
{
"version": "3.5",
"status": "affected"
},
{
"version": "3.6",
"status": "affected"
},
{
"version": "3.7",
"status": "affected"
},
{
"version": "3.8",
"status": "affected"
},
{
"version": "3.9.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Authorization",
"cweId": "CWE-285",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Incorrect Privilege Assignment",
"cweId": "CWE-266",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.338497",
"name": "VDB-338497 | JeecgBoot list queryPageList improper authorization",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.338497",
"name": "VDB-338497 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.711771",
"name": "Submit #711771 | JeecgBoot 3.9.0 Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/Hwwg/cve/issues/32",
"tags": [
"exploit",
"issue-tracking"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 3.1,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 3.1,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 2.1
}
}
],
"timeline": [
{
"time": "2025-12-27T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-12-27T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-12-27T10:06:16.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "huangweigang (VulDB User)",
"type": "reporter"
}
]
}
}
}