
CVE-2025-10318: Improper Authorization in JeecgBoot

Medium
Published: Fri Sep 12 2025 (09/12/2025, 12:32:08 UTC)
Source: CVE Database V5
Product: JeecgBoot

Description

A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/12/2025, 12:50:19 UTC

Technical Analysis

CVE-2025-10318 is a medium-severity vulnerability affecting JeecgBoot versions up to 3.8.2. The flaw resides in the WebSocket Message Handler component, specifically in the /api/system/sendWebSocketMsg endpoint. The vulnerability arises from improper authorization when the userIds argument is handled: a remote attacker holding a low-privileged account (PR:L) can potentially send WebSocket messages to arbitrary users without any check that the caller is permitted to address them. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N). The CVSS 4.0 vector indicates low attack complexity (AC:L), no additional attack requirements (AT:N), and limited impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vendor has not responded to early disclosure attempts, and no official patches or mitigations have been published yet. Although no exploitation has been observed in the wild so far, public exploit code is available, which increases the risk of exploitation. The vulnerability could allow attackers to impersonate or send unauthorized messages to users, potentially leading to information disclosure, social engineering attacks, or disruption of communication channels within affected applications that use JeecgBoot's WebSocket messaging.

Potential Impact

For European organizations using JeecgBoot, this vulnerability could lead to unauthorized message injection or manipulation within internal communication systems or customer-facing applications that rely on WebSocket messaging. This may result in unauthorized disclosure of sensitive information, erosion of trust in communication channels, and potential facilitation of phishing or social engineering attacks. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that utilize JeecgBoot for real-time messaging or notifications are particularly at risk. The medium severity and ease of remote exploitation without user interaction make it a credible threat that could impact confidentiality and integrity of communications. Additionally, the lack of vendor response and patches increases the window of exposure, necessitating proactive mitigation by affected entities.

Mitigation Recommendations

1. Immediately audit and monitor usage of the /api/system/sendWebSocketMsg endpoint to detect any anomalous or unauthorized message sending activities.
2. Implement network-level access controls to restrict access to the WebSocket endpoint to trusted internal networks or authenticated users only.
3. If feasible, temporarily disable or restrict the vulnerable WebSocket message functionality until a vendor patch or official fix is available.
4. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious manipulation of the userIds parameter.
5. Enhance logging and alerting on WebSocket message operations to enable rapid incident response.
6. Conduct internal code reviews and penetration testing focused on authorization logic around WebSocket message handling.
7. Engage with the JeecgBoot community or maintainers to track patch releases and apply updates promptly once available.
8. Educate users and administrators about the risk of social engineering attacks leveraging unauthorized messages sent via this vulnerability.
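Recommendations 1 and 5 (audit, monitor and alert on the endpoint) can be implemented as a small log-review rule set. The script below is an added example written for this page, not JeecgBoot code; it assumes an audit log with one JSON object per line carrying the authenticated user, its roles, the source address, the request path and the request parameters, and it assumes that only an "admin" role legitimately addresses other users through userIds (a self-addressed message is tolerated). Both the log format and the role model are assumptions to be mapped onto what your gateway or application actually records. It flags a low-privileged caller whose userIds names anyone other than itself, which is the authorization gap the advisory describes, and a burst of calls to the endpoint from one source address.

```python
"""Detection logic for abuse of the JeecgBoot /api/system/sendWebSocketMsg endpoint.

Added example, not JeecgBoot code. Assumed audit-log format: one JSON object
per line, e.g.
  {"ts": "2025-09-12T12:00:01Z", "src_ip": "10.0.0.5", "user": "alice",
   "roles": ["admin"], "method": "POST", "path": "/api/system/sendWebSocketMsg",
   "params": {"userIds": "bob,carol", "cmd": "notice"}}
Field names, the role model and the userIds value format are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime

TARGET_PATH = "/api/system/sendWebSocketMsg"
PRIVILEGED_ROLES = {"admin"}   # roles expected to message other users (assumption)
BURST_LIMIT = 5                # more than this many calls per source in the window
BURST_WINDOW_S = 60


def _event(ts, src_ip, user, roles, path, user_ids=None):
    """Build one constructed audit line in the assumed format (sample data only)."""
    params = {"userIds": user_ids, "cmd": "notice"} if user_ids is not None else {}
    return json.dumps({"ts": ts, "src_ip": src_ip, "user": user, "roles": roles,
                       "method": "POST", "path": path, "params": params})


# Constructed sample log: an admin broadcast, a self-addressed user message, an
# unrelated request, six cross-user sends from one low-privileged account within
# 60 seconds, and one corrupt line.
SAMPLE_LOG = "\n".join(
    [
        _event("2025-09-12T12:00:01Z", "10.0.0.5", "alice", ["admin"], TARGET_PATH, "bob,carol"),
        _event("2025-09-12T12:00:05Z", "10.0.0.7", "bob", ["user"], TARGET_PATH, "bob"),
        _event("2025-09-12T12:00:08Z", "10.0.0.7", "bob", ["user"], "/api/system/other"),
    ]
    + [
        _event(f"2025-09-12T12:00:{10 + 3 * i:02d}Z", "203.0.113.9", "mallory", ["user"],
               TARGET_PATH, f"user{i}")
        for i in range(6)
    ]
    + ["this line is not json"]
)


def parse_user_ids(value):
    """userIds may be a comma-separated string or a JSON list (assumption)."""
    if value is None:
        return set()
    if isinstance(value, list):
        return {str(v).strip() for v in value if str(v).strip()}
    return {p.strip() for p in str(value).split(",") if p.strip()}


def analyze(log_text):
    """Scan audit lines and return findings as dicts with rule/user/src_ip/detail."""
    findings = []
    calls_by_src = defaultdict(list)   # src_ip -> timestamps inside the window
    burst_flagged = set()
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            # Never silently drop a line a truncated or tampered logger produced.
            findings.append({"rule": "unparseable", "user": None, "src_ip": None,
                             "detail": raw[:60]})
            continue
        if ev.get("path") != TARGET_PATH:
            continue
        caller, src_ip = ev.get("user"), ev.get("src_ip")
        roles = set(ev.get("roles") or [])
        targets = parse_user_ids((ev.get("params") or {}).get("userIds"))

        # Rule 1: a non-privileged caller addressing anyone other than itself.
        others = targets - {caller}
        if others and not (roles & PRIVILEGED_ROLES):
            findings.append({"rule": "cross_user_send", "user": caller, "src_ip": src_ip,
                             "detail": "targets=" + ",".join(sorted(others))})

        # Rule 2: a burst of calls from one source address (fires once per source).
        ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        recent = calls_by_src[src_ip]
        recent.append(ts)
        recent[:] = [t for t in recent if (ts - t).total_seconds() <= BURST_WINDOW_S]
        if len(recent) > BURST_LIMIT and src_ip not in burst_flagged:
            burst_flagged.add(src_ip)
            findings.append({"rule": "burst", "user": caller, "src_ip": src_ip,
                             "detail": f"{len(recent)} calls within {BURST_WINDOW_S}s"})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['rule']:16} user={f['user']} src={f['src_ip']} {f['detail']}")
```

On the constructed sample the admin broadcast and the self-addressed message pass, every send by the low-privileged account to another user is reported, the sixth call inside the window raises one burst finding for its source address, and the corrupt line is reported rather than discarded. Tune BURST_LIMIT and PRIVILEGED_ROLES to the observed baseline before wiring the output into alerting.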


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-12T08:05:03.898Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c416fc4e1289924792d731

Added to database: 9/12/2025, 12:50:04 PM

Last enriched: 9/12/2025, 12:50:19 PM

Last updated: 9/12/2025, 3:03:14 PM
