CVE-2025-14909

4.3 MEDIUM

📋 TL;DR

This vulnerability in JeecgBoot allows attackers to remotely manipulate user sessions through the SysUserOnlineController function. It affects JeecgBoot versions up to 3.9.0, potentially enabling unauthorized session management. Organizations using vulnerable versions of this Java-based rapid development framework are at risk.

💻 Affected Systems

Products:
  • JeecgBoot
Versions: Up to version 3.9.0
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of JeecgBoot up to 3.9.0 regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could hijack administrative sessions, gain unauthorized access to sensitive systems, and potentially compromise the entire application.

🟠 Likely Case

Attackers could manipulate user sessions to gain unauthorized access to user accounts, potentially accessing sensitive data or performing unauthorized actions.

🟢 If Mitigated

With proper session management controls and network segmentation, impact would be limited to isolated application components.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit has been made publicly available and requires some level of access to the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in commit b686f9fbd1917edffe5922c6362c817a9361cfbd

Vendor Advisory: https://github.com/jeecgboot/JeecgBoot/issues/9195

Restart Required: Yes

Instructions:

1. Update JeecgBoot to a version that includes commit b686f9fbd1917edffe5922c6362c817a9361cfbd.
2. Rebuild and redeploy the application.
3. Restart the application server.

🔧 Temporary Workarounds

Network Access Restriction (Linux, iptables)

Restrict network access to the JeecgBoot application to trusted IP addresses only.

# Allow the trusted source first, then drop everything else bound for the app port.
# -A appends to the chain, so check that no earlier rule already accepts this port.
iptables -A INPUT -p tcp --dport <app_port> -s <trusted_ip> -j ACCEPT
iptables -A INPUT -p tcp --dport <app_port> -j DROP

🧯 If You Can't Patch

  • Implement strict session management controls and monitor for unusual session activity.
  • Deploy a web application firewall (WAF) with rules to detect and block session manipulation attempts.

🔍 How to Verify

Check if Vulnerable:

Check if JeecgBoot version is 3.9.0 or earlier by examining application version files or build metadata.

Check Version:

grep -r "version\|jeecg" pom.xml

Alternatively, check application.properties for version information.

Verify Fix Applied:

Verify that commit b686f9fbd1917edffe5922c6362c817a9361cfbd is present in the git history of the deployed build, i.e. the build was made from that commit or from a later commit that includes it.
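As an added example (not part of this advisory and not JeecgBoot project code), the following Python implements the version check described above: it reads the top-level version from a pom.xml document and compares it against the 3.9.0 boundary, treating pre-release qualifiers such as "-SNAPSHOT" as the same base version. The sample pom.xml is constructed for illustration; JeecgBoot's real pom.xml may carry the version in a property or a parent, which is why the check returns None rather than a verdict when no top-level version is found.

```python
import xml.etree.ElementTree as ET

# Boundary from the advisory: every release up to and including 3.9.0 is affected.
LAST_AFFECTED = (3, 9, 0)
MAVEN_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed, minimal pom.xml for illustration only. It is NOT JeecgBoot's
# real pom.xml; group/artifact ids are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>example-app</artifactId>
  <version>3.8.1</version>
</project>
"""


def parse_version(text):
    """Turn '3.8.1', '3.9.0-SNAPSHOT' or '3.10' into a comparable tuple of ints.

    Anything after the first '-' (a qualifier) is ignored; a non-numeric
    component raises ValueError so a malformed version is never silently
    classified as safe.
    """
    core = text.strip().split("-", 1)[0]
    parts = tuple(int(p) for p in core.split("."))
    # Pad to three components so '3.9' compares equal to '3.9.0'.
    return parts + (0,) * (3 - len(parts))


def is_affected(version_text):
    """True when the version is at or below the last affected release."""
    return parse_version(version_text) <= LAST_AFFECTED


def read_pom_version(pom_xml):
    """Return the <project><version> text, or None if absent.

    Handles both the usual namespaced Maven document and a namespace-free one.
    """
    root = ET.fromstring(pom_xml)
    node = root.find("m:version", MAVEN_NS)
    if node is None:
        node = root.find("version")
    return node.text.strip() if node is not None and node.text else None


def check_pom(pom_xml):
    """Return (version, affected) for a pom.xml string.

    affected is None when no top-level version could be determined, so the
    caller falls back to other evidence (application.properties, git history)
    instead of treating the absence as a pass.
    """
    version = read_pom_version(pom_xml)
    if version is None:
        return None, None
    return version, is_affected(version)


if __name__ == "__main__":
    version, affected = check_pom(SAMPLE_POM)
    print(f"version={version} affected={affected}")
```

For the git-history side of the verification, `git merge-base --is-ancestor b686f9fbd1917edffe5922c6362c817a9361cfbd HEAD` run inside the source checkout exits 0 exactly when the current HEAD contains the fix commit, which is a more reliable test than looking for the hash in `git log` output by eye.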

📡 Detection & Monitoring

Log Indicators:

  • Unusual session creation/modification patterns
  • Multiple session requests from single IP
  • Unauthorized access to SysUserOnlineController endpoints

Network Indicators:

  • HTTP requests to /sys/userOnline endpoints with suspicious parameters
  • Unusual session ID manipulation in requests

SIEM Query:

source="application.log" AND ("SysUserOnlineController" OR "session manipulation") AND status=200
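The log and network indicators above can be turned into a small detection routine. The following Python is an added example, not code from this advisory or from the JeecgBoot project: it parses combined-format access log lines, keeps requests whose path falls under the /sys/userOnline prefix named above, separates successful state-changing calls (the ones most worth alerting on) from reads, and reports source IPs that issue at least a threshold number of such requests. The sample log lines are constructed, not real JeecgBoot output; the sub-paths and query parameters under /sys/userOnline are illustrative, and the per-IP threshold is an assumed tuning value.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Endpoint prefix from the advisory's network indicators (compared case-insensitively).
USER_ONLINE_PREFIX = "/sys/useronline"
# Methods that change state; manipulating a session would normally need one.
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample log (not real JeecgBoot output). Only the /sys/userOnline
# prefix comes from the advisory; the sub-paths and parameters are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2025:10:00:01 +0000] "GET /sys/userOnline/list?pageNo=1 HTTP/1.1" 200 512
10.0.0.5 - - [12/Jan/2025:10:00:02 +0000] "GET /sys/userOnline/list?pageNo=2 HTTP/1.1" 200 498
10.0.0.5 - - [12/Jan/2025:10:00:03 +0000] "POST /sys/userOnline/update HTTP/1.1" 200 61
10.0.0.5 - - [12/Jan/2025:10:00:04 +0000] "POST /sys/userOnline/update HTTP/1.1" 200 61
10.0.0.5 - - [12/Jan/2025:10:00:05 +0000] "POST /sys/userOnline/update HTTP/1.1" 200 61
10.0.0.9 - - [12/Jan/2025:10:00:06 +0000] "GET /sys/userOnline/list?pageNo=1 HTTP/1.1" 200 512
10.0.0.9 - - [12/Jan/2025:10:00:07 +0000] "GET /sys/dict/getDictItems HTTP/1.1" 200 300
10.0.0.7 - - [12/Jan/2025:10:00:08 +0000] "GET /sys/userOnline/list HTTP/1.1" 401 0
"""


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = urlsplit(rec["target"]).path  # drop the query string
    return rec


def is_user_online_request(rec):
    """True for any request whose path is under the SysUserOnlineController routes."""
    return rec["path"].lower().startswith(USER_ONLINE_PREFIX)


def detect(log_text, per_ip_threshold=3):
    """Apply the advisory's indicators to a block of log text.

    per_ip_threshold is an assumed tuning value: sources that hit the endpoint
    at least this many times (denied attempts included) are reported as noisy.
    """
    successful_hits = []   # status 200, mirroring the SIEM query's status=200
    write_operations = []  # successful state-changing calls: the highest-value alerts
    per_ip = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_user_online_request(rec):
            continue
        per_ip[rec["ip"]] += 1
        if rec["status"] == 200:
            successful_hits.append(rec)
            if rec["method"] in WRITE_METHODS:
                write_operations.append(rec)
    noisy_sources = sorted(ip for ip, n in per_ip.items() if n >= per_ip_threshold)
    return {
        "successful_hits": successful_hits,
        "write_operations": write_operations,
        "noisy_sources": noisy_sources,
        "per_ip": dict(per_ip),
    }


if __name__ == "__main__":
    result = detect(SAMPLE_LOG)
    for rec in result["write_operations"]:
        print(f"ALERT write to {rec['path']} from {rec['ip']} at {rec['ts']}")
    print("noisy sources:", result["noisy_sources"])
```

Denied requests (non-200) still count toward the per-IP total so that a source probing the endpoint before it obtains a valid session is visible, while only successful write operations are promoted to alerts; tune the threshold against a baseline of legitimate administrative use of the online-user page before enabling it.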
