CVE-2025-15121 MEDIUM

CVE-2025-15121: JeecgBoot getDeptRoleByUserId information disclosure

Vendor N/A
Product JeecgBoot
Weakness CWE-200 · Info exposure
Published December 28, 2025
Last update December 29, 2025

CVSS base score

4.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

December 28, 2025 CVE published
December 29, 2025 Record updated