CVE-2025-10978
BaseFortify
Publication date: 2025-09-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| guojusoft | jeecgboot | to 3.8.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in JeecgBoot up to version 3.8.2, specifically in an unknown function within the /sys/user/exportXls file of the Filter Handler component. It results in improper authorization, meaning that an attacker could potentially perform actions they are not authorized to do. The attack can be carried out remotely, and an exploit has already been made public.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized users to access or export user data without proper permissions, potentially leading to data exposure or leakage. Since the attack can be performed remotely, it increases the risk of unauthorized access from external sources. However, the impact is limited to confidentiality as the integrity and availability are not affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Improper authorization leading to unauthorized access to user data could result in violations of data protection regulations such as GDPR or HIPAA, which require strict controls on access to personal and sensitive information. This vulnerability could therefore negatively impact compliance by exposing protected data to unauthorized parties.