CVE-2025-15121

A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.4 LOW
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
VulDBCNA
2.4 LOW
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/Hwwg/cve/issues/34
https://vuldb.com/?ctiid.338499
https://vuldb.com/?id.338499
https://vuldb.com/?submit.711773