CVE-2025-10976: Improper Authorization in JeecgBoot
A vulnerability was found in JeecgBoot up to and including version 3.8.2. It affects the handling of the API endpoint /api/getDepartUserList: manipulating the departId argument leads to improper authorization. The attack can be launched remotely, is rated as high in complexity, and is assessed as difficult to exploit. An exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10976 is an improper authorization vulnerability in JeecgBoot versions up to 3.8.2. JeecgBoot is a low-code rapid development platform widely used for enterprise applications. The flaw lies in the handling of the /api/getDepartUserList endpoint, where the departId parameter selects which department's user list is returned. The endpoint does not adequately verify that the caller is entitled to read the department named in the request, so substituting another departId value yields the user list of a department the caller should not see. The missing check is therefore object-level (whether the caller may access this particular department), which is the pattern commonly described as broken object-level authorization or IDOR, rather than a missing login check. The attack can be carried out remotely; the advisory does not state whether an authenticated session is needed, but it rates the attack complexity as high and exploitability as difficult, which limits the likelihood of widespread exploitation. The vendor did not respond to early notification and, at the time of this analysis, no patch had been released. The CVSS 4.0 score is 2.3 (low), reflecting a limited confidentiality impact (disclosure of user and department data) rather than any integrity or availability effect, with no user interaction required. A proof of concept has been published, but there are no reports of exploitation in the wild.
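The following is an added illustration of the bug class described above, written for this page; it is not JeecgBoot's code, whose internals the advisory does not describe. The department and user data, the User model and the function names are constructed for the example. It puts a lookup that trusts departId beside one that checks the caller's relationship to the requested department before returning anything.

```python
"""Constructed model of a department-scoped user lookup: the version that
trusts the departId argument beside one with object-level authorization.
Illustrative code for this page only, not JeecgBoot's implementation."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not read the requested department."""


@dataclass
class User:
    username: str
    depart_ids: set = field(default_factory=set)  # departments the user belongs to
    is_admin: bool = False


# Constructed sample data: two departments and three users.
DEPART_USERS = {
    "d100": ["alice", "bob"],
    "d200": ["carol"],
}
USERS = {
    "alice": User("alice", {"d100"}),
    "carol": User("carol", {"d200"}),
    "root": User("root", set(), is_admin=True),
}


def get_depart_user_list_vulnerable(caller: User, depart_id: str) -> list:
    """The caller is known (it would have passed a login check), but departId is
    never compared against the caller's own departments: any caller can read any
    department simply by changing the argument."""
    return list(DEPART_USERS.get(depart_id, []))


def get_depart_user_list_hardened(caller: User, depart_id: str) -> list:
    """Object-level authorization: the caller must be an admin or a member of the
    department named in the request. A non-member asking for an unknown departId
    is refused too, so the endpoint cannot be used to probe which ids exist."""
    if not (caller.is_admin or depart_id in caller.depart_ids):
        raise Forbidden(f"{caller.username} may not read department {depart_id}")
    return list(DEPART_USERS.get(depart_id, []))


def demo():
    """Same request, both versions: alice (member of d100 only) asks for d200."""
    alice = USERS["alice"]
    leaked = get_depart_user_list_vulnerable(alice, "d200")   # carol's department
    try:
        get_depart_user_list_hardened(alice, "d200")
        denied = False
    except Forbidden:
        denied = True
    own = get_depart_user_list_hardened(alice, "d100")        # her own department
    return leaked, denied, own


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is that the authorization decision is taken on the object named by departId, not on the endpoint as a whole; a gateway or WAF in front of the application cannot make this decision because it does not know which departments a session belongs to.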
Potential Impact
For European organizations using JeecgBoot, this vulnerability could expose internal user and department data, revealing organizational structure or personnel information to someone who should not see it. The confidentiality impact is limited (read access to directory-style data, not credentials or system control), but such data is useful for reconnaissance and for targeting social engineering campaigns. The lack of a vendor response and of a patch means the exposure persists until a fix is released, which matters most where JeecgBoot backs critical internal applications. Given the high attack complexity and difficult exploitability, the immediate risk is low. Organizations in Europe running affected versions should know that this data may be reachable and should watch for suspicious access patterns against the endpoint.
Mitigation Recommendations
Since no official patch is available, European organizations should first restrict who can reach /api/getDepartUserList at all: network-level restrictions and API gateway policies that require an authenticated session and rate-limit requests per client. Note that a gateway or Web Application Firewall (WAF) cannot decide whether a given session may read a given department, so input validation on departId at that layer only narrows the attack surface (rejecting malformed values, limiting request rates) and does not fix the authorization flaw itself; custom WAF rules are still worthwhile for detecting and blocking sweeps of many departId values. Organizations should also inventory all JeecgBoot instances so they can upgrade promptly once a fixed version is released. Monitoring API logs for unusual access patterns, in particular one client requesting many distinct departId values in a short period, and enforcing least privilege on API consumers will further reduce risk. Where feasible, temporarily disabling the endpoint or limiting it to trusted networks until a fix is available is recommended.
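As an added example of the log monitoring recommended above (not part of the original advisory or of any JeecgBoot tooling), the script below scans web-server access logs in combined log format for clients that sweep many distinct departId values against /api/getDepartUserList within a short window. The log lines are constructed samples; the endpoint path and parameter name come from the advisory, and the window and threshold are assumptions to be tuned per deployment.

```python
"""Flag clients enumerating departId values against /api/getDepartUserList.
Added example for this page; the access-log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Apache/nginx combined log format: ip ident user [ts] "METHOD target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
TARGET_PATH = "/api/getDepartUserList"   # endpoint named in the advisory

# Constructed sample log: 10.0.0.5 sweeps six departments in four seconds,
# 10.0.0.9 fetches its own department twice, minutes apart.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Sep/2025:21:00:01 +0000] "GET /api/getDepartUserList?departId=d100 HTTP/1.1" 200 512
10.0.0.5 - - [25/Sep/2025:21:00:02 +0000] "GET /api/getDepartUserList?departId=d101 HTTP/1.1" 200 480
10.0.0.5 - - [25/Sep/2025:21:00:02 +0000] "GET /api/getDepartUserList?departId=d102 HTTP/1.1" 200 377
10.0.0.5 - - [25/Sep/2025:21:00:03 +0000] "GET /api/getDepartUserList?departId=d103 HTTP/1.1" 200 611
10.0.0.5 - - [25/Sep/2025:21:00:04 +0000] "GET /api/getDepartUserList?departId=d104 HTTP/1.1" 200 590
10.0.0.5 - - [25/Sep/2025:21:00:04 +0000] "GET /api/getDepartUserList?departId=d105 HTTP/1.1" 200 402
10.0.0.9 - - [25/Sep/2025:21:00:05 +0000] "GET /api/getDepartUserList?departId=d200 HTTP/1.1" 200 233
10.0.0.9 - - [25/Sep/2025:21:05:10 +0000] "GET /api/getDepartUserList?departId=d200 HTTP/1.1" 200 233
10.0.0.9 - - [25/Sep/2025:21:05:11 +0000] "GET /login HTTP/1.1" 200 120
"""


def parse_line(line):
    """Return (ip, timestamp, departId, status) for a request to the target
    endpoint, or None for unparseable lines and other paths."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    depart_id = parse_qs(parts.query).get("departId", [None])[0]
    return m.group("ip"), ts, depart_id, int(m.group("status"))


def find_enumeration(log_text, window_seconds=60, max_distinct=3):
    """Return {ip: sorted departIds} for clients that received successful
    responses for more than `max_distinct` different departId values inside any
    `window_seconds` span (sliding window over each client's events)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] is not None and rec[3] == 200:
            ip, ts, depart_id, _ = rec
            events[ip].append((ts, depart_id))

    hits = defaultdict(set)
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            distinct = {d for _, d in evs[start:end + 1]}
            if len(distinct) > max_distinct:
                hits[ip].update(distinct)
    return {ip: sorted(ids) for ip, ids in hits.items()}


if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} distinct departId values in one window -> {ids}")
```

Only 200 responses are counted so that a deployment which already rejects unauthorized departId values does not alert on the rejections themselves; if the application logs the authenticated username, grouping by user rather than by client IP is more robust against clients behind a shared proxy.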
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-25T14:20:47.528Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d5bce02738e8358fa1962e
Added to database: 9/25/2025, 10:06:24 PM
Last enriched: 9/25/2025, 10:09:55 PM
Last updated: 9/26/2025, 12:10:45 AM