CVE-2025-14908 MEDIUM

CVE-2025-14908: JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication

Vendor N/A

Product JeecgBoot

Weakness CWE-287 · Improper authentication

Published December 19, 2025

Last update December 19, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module. Performing manipulation of the argument ID results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The patch is named e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2/67795493bdc579e489d3ab12e52a1793c4f8a0ee. It is recommended to apply a patch to fix this issue.

Key dates

Disclosure timeline

December 19, 2025 CVE published

December 19, 2025 Record updated

Identifiers

CVE CVE-2025-14908

CWE CWE-287

CVSS 5.3 / MEDIUM

Affected versions

Vendor N/A

Product JeecgBoot

Affected 3.0

Vendor N/A

Product JeecgBoot

Affected 3.1

Vendor N/A

Product JeecgBoot

Affected 3.2

Vendor N/A

Product JeecgBoot

Affected 3.3

Vendor N/A

Product JeecgBoot

Affected 3.4

Vendor N/A

Product JeecgBoot

Affected 3.5

Vendor N/A

Product JeecgBoot

Affected 3.6

Vendor N/A

Product JeecgBoot

Affected 3.7

Vendor N/A

Product JeecgBoot

Affected 3.8

Vendor N/A

Product JeecgBoot

Affected 3.9.0