CVE-2025-10318 is a medium-severity vulnerability affecting JeecgBoot versions up to 3.8.2. The issue resides in the WebSocket Message Handler component, specifically within the /api/system/sendWebSocketMsg endpoint. The vulnerability stems from improper authorization related to the manipulation of the userIds argument. This flaw allows an unauthenticated remote attacker with low privileges (PR:L) to manipulate the userIds parameter to bypass authorization controls. The vulnerability does not require user interaction (UI:N) and can be exploited remotely over the network (AV:N). The impact on confidentiality, integrity, and availability is limited but present (VC:L, VI:L, VA:L), indicating that an attacker could potentially send unauthorized WebSocket messages to users or systems, possibly leading to unauthorized information disclosure, message spoofing, or limited disruption of service. The CVSS 4.0 vector indicates no scope change (S:U) and no privileges required beyond low privileges, with partial impact on security properties. The vendor has not responded to disclosure attempts, and no official patches are currently available. Public exploits exist, increasing the risk of exploitation. The vulnerability affects an unknown functionality of the endpoint, suggesting that the exact consequences depend on the application context and how WebSocket messages are handled internally. Given the use of WebSocket for real-time communication, exploitation could allow attackers to impersonate messages or send unauthorized commands, potentially impacting business processes or user communications within affected systems.

For European organizations using JeecgBoot versions 3.8.0 through 3.8.2, this vulnerability poses a moderate risk. JeecgBoot is an open-source rapid development platform popular in certain enterprise environments for building web applications. Exploitation could allow attackers to send unauthorized WebSocket messages, potentially leading to unauthorized data access, manipulation of real-time communications, or disruption of services relying on WebSocket messaging. This could affect sectors relying on real-time data exchange such as finance, manufacturing, and public services. The lack of vendor response and absence of patches increases exposure time. Organizations may face risks including data leakage, unauthorized command execution, or reputational damage if attackers leverage this vulnerability to impersonate legitimate communications or disrupt operations. The medium severity suggests that while the impact is not catastrophic, it is significant enough to warrant prompt attention, especially in environments where WebSocket communications are critical. The availability of public exploits further elevates the threat level, increasing the likelihood of opportunistic attacks targeting vulnerable deployments in Europe.

1. Immediate mitigation should include restricting access to the /api/system/sendWebSocketMsg endpoint via network-level controls such as firewalls or API gateways, limiting exposure to trusted internal networks or authenticated users only. 2. Implement strict input validation and authorization checks on the userIds parameter at the application level to ensure only authorized users can send messages to intended recipients. 3. Monitor WebSocket traffic for anomalous message patterns or unauthorized message sending attempts using intrusion detection systems or Web Application Firewalls (WAFs) with WebSocket support. 4. If possible, disable or restrict WebSocket functionality temporarily until a vendor patch or official fix is available. 5. Conduct thorough code reviews and penetration testing focused on WebSocket message handling to identify and remediate similar authorization issues. 6. Maintain an inventory of all JeecgBoot instances and upgrade to newer versions once patches are released. 7. Engage with the JeecgBoot community or security forums for updates or unofficial patches. 8. Employ compensating controls such as multi-factor authentication and enhanced logging to detect and respond to suspicious activities related to WebSocket communications.