← Back

CVE-2025-14908

nvd nist
Published: Dec 19, 2025Modified: Apr 29, 2026

JSON object

Loading...
2.1
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)

Description

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module. Performing manipulation of the argument ID results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The patch is named e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2/67795493bdc579e489d3ab12e52a1793c4f8a0ee. It is recommended to apply a patch to fix this issue.

Affected (1)

Products: Jeecg: Jeecg Boot
Jeecg
1 product
Jeecg Boot
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jeecg Boot
Up to 3.9.0

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (5)

Source: cna@vuldb.com
Patch
Source: cna@vuldb.com
ExploitIssue TrackingThird Party Advisory
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.