CVE-2025-10976
BaseFortify
Publication date: 2025-09-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| guojusoft | jeecgboot | to 3.8.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in JeecgBoot up to version 3.8.2 and involves improper authorization due to manipulation of the 'departId' argument in the /api/getDepartUserList endpoint. An attacker can remotely exploit this issue, although the attack is complex and difficult to execute.
How can this vulnerability impact me? :
The vulnerability can lead to improper authorization, potentially allowing unauthorized access to certain data or functions related to the /api/getDepartUserList endpoint. However, the impact is limited as the confidentiality impact is partial, and there is no impact on integrity or availability. The attack requires high complexity and privileges.