CVE-2025-15121

2.4 LOW

📋 TL;DR

This vulnerability in JeecgBoot allows attackers to exploit the getDeptRoleByUserId function by manipulating the departId parameter, leading to unauthorized information disclosure. It affects JeecgBoot versions up to 3.9.0. Organizations using vulnerable versions of this Java-based rapid development platform are at risk.

💻 Affected Systems

Products:
  • JeecgBoot
Versions: up to 3.9.0
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Affects deployments where the /sys/sysDepartRole/getDeptRoleByUserId endpoint is accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive department role information for all users, potentially revealing organizational structure and access privileges.

🟠 Likely Case

Limited information disclosure about department roles and user assignments, which could aid in further attacks.

🟢 If Mitigated

Minimal impact with proper input validation and access controls in place.

🌐 Internet-Facing: MEDIUM - Internet-exposed web applications are vulnerable if the endpoint is reachable.
🏢 Internal Only: LOW - Internal-only deployments reduce exposure but remain vulnerable to insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires sending a manipulated departId parameter to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Monitor the JeecgBoot GitHub repository for updates.
2. Apply the patch when available.
3. Restart the application server.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all platforms

Implement server-side validation of the departId parameter to prevent manipulation.

Implement parameter validation in the controller layer.

Endpoint Restriction

Applies to: all platforms

Restrict access to the /sys/sysDepartRole/getDeptRoleByUserId endpoint.

Configure web.xml or Spring Security to restrict endpoint access.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block suspicious parameter manipulation
  • Monitor access logs for unusual requests to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Test whether manipulating the departId parameter in requests to /sys/sysDepartRole/getDeptRoleByUserId returns information the requesting user is not authorized to see.

Check Version:

Check pom.xml for the jeecg-boot version, or application.properties for version information.

Verify Fix Applied:

Verify that parameter manipulation no longer returns sensitive information and that proper input validation is enforced.

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in the departId field
  • Multiple requests to /sys/sysDepartRole/getDeptRoleByUserId with varying parameters

Network Indicators:

  • HTTP requests with manipulated departId parameters

SIEM Query:

source="web_server" AND uri="/sys/sysDepartRole/getDeptRoleByUserId" AND (param.departId CONTAINS suspicious_pattern)
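The log indicators and SIEM query above say what to look for but not how to evaluate it. The following is an added example, not part of this advisory or of JeecgBoot: it parses constructed combined-format access-log lines and flags both indicators, departId values outside an assumed short alphanumeric id format and one client requesting many distinct departId values against the endpoint. The log format, the id pattern and the enumeration threshold are assumptions to adjust for your deployment.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/sys/sysDepartRole/getDeptRoleByUserId"
# Assumption for this example: a legitimate departId is a short alphanumeric id.
ID_PATTERN = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
ENUM_THRESHOLD = 3  # distinct departId values from one client before alerting
# Combined-log-format line: client ip, timestamp, request line; rest ignored.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*"')

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /sys/sysDepartRole/getDeptRoleByUserId?departId=A01 HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /sys/sysDepartRole/getDeptRoleByUserId?departId=A02 HTTP/1.1" 200 498
10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /sys/sysDepartRole/getDeptRoleByUserId?departId=A03 HTTP/1.1" 200 530
10.0.0.5 - - [01/Jan/2025:10:00:04 +0000] "GET /sys/sysDepartRole/getDeptRoleByUserId?departId=A04 HTTP/1.1" 200 501
10.0.0.9 - - [01/Jan/2025:10:00:05 +0000] "GET /sys/sysDepartRole/getDeptRoleByUserId?departId=A01 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2025:10:00:06 +0000] "GET /sys/sysDepartRole/getDeptRoleByUserId?departId=%27 HTTP/1.1" 200 900
10.0.0.7 - - [01/Jan/2025:10:00:07 +0000] "GET /sys/sysDepart/list HTTP/1.1" 200 200
"""

def parse_line(line):
    # Return (client ip, path, departId or None), or None if the line does not parse.
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m.group("target"))
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    return m.group("ip"), url.path, params.get("departId", [None])[0]

def analyze(log_text):
    # Flag malformed departId values and per-client departId enumeration.
    findings = []
    seen = defaultdict(set)  # client ip -> distinct departId values requested
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec[1] != VULN_PATH or rec[2] is None:
            continue  # other endpoints or no departId: out of scope for this advisory
        ip, _, dep = rec
        if not ID_PATTERN.match(dep):
            findings.append(("malformed_departId", ip, dep))
        seen[ip].add(dep)
    for ip, ids in seen.items():
        if len(ids) >= ENUM_THRESHOLD:
            findings.append(("departId_enumeration", ip, len(ids)))
    return findings
```

Running analyze(SAMPLE_LOG) reports the single-quote value from 10.0.0.7 as malformed and 10.0.0.5 as enumerating four distinct departId values; the same two checks map directly onto the "suspicious_pattern" placeholder in the SIEM query.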

🔗 References