CVE-2025-15123
Improper Authorization in JeecgBoot /sysDepartPermission Remote Access
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeecg | jeecgboot | 3.9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15123 is a tenant privilege escalation vulnerability in JeecgBoot up to version 3.9.0. It occurs in the API endpoint GET /sys/sysDepartPermission/datarule/{permissionId}/{departId}, which queries department permission data rules without verifying if the requested department belongs to the logged-in user's tenant. This lack of tenant ownership validation allows an attacker with a valid login session to access data permission rules of other tenants by guessing or enumerating their department and permission IDs. The data exposed includes fine-grained access control policies, field-level filtering conditions, and sensitive business logic, enabling attackers to map the permission system and potentially craft targeted data leakage or access bypass attacks. [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of other tenants' data access control policies, exposing sensitive business logic and database schema details. Attackers can fully map the permission system of other tenants, which facilitates further targeted data leakage or access bypass attacks. It compromises data confidentiality and system security by allowing cross-tenant access to sensitive permission configurations. The attack can be launched remotely by an authenticated user and is considered difficult but feasible to exploit. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing the API endpoint GET /sys/sysDepartPermission/datarule/{permissionId}/{departId} for improper authorization. Specifically, you can attempt to send crafted GET requests with permissionId and departId values that belong to other tenants to see if data permission rules are returned without proper tenant validation. Detection involves verifying whether the system validates tenant ownership before returning data. Commands to test this could include using curl or similar HTTP clients to send requests like: curl -i -X GET "https://<target>/sys/sysDepartPermission/datarule/<permissionId>/<departId>" -H "Authorization: Bearer <valid_token>" and checking if data from other tenants is disclosed. Additionally, audit logs should be reviewed for unusual queries to this endpoint. Since the vulnerability requires a valid login session, ensure you have authenticated credentials for testing. No automated detection commands are provided, but manual API testing as described is recommended. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Validate tenant ownership by checking if the department's tenantId matches the current user's tenantId before processing requests to the vulnerable endpoint. 2. Enforce tenant ID filtering in database queries related to department permissions. 3. Restrict access to data permission rules to authorized roles only, such as department or system administrators, using Role-Based Access Control (RBAC). 4. Apply data desensitization to sensitive information before returning it in responses. 5. Implement audit logging for all data permission rule queries, capturing user identity, timestamps, and query parameters. If patching or vendor fixes are unavailable, consider replacing the affected component or product to prevent exploitation. These steps help prevent unauthorized cross-tenant data access and reduce the risk of data leakage. [1, 3, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows unauthorized cross-tenant access to sensitive permission configurations, including fine-grained data access control policies and business logic. Such unauthorized data disclosure and improper authorization can lead to violations of data confidentiality requirements mandated by common standards and regulations like GDPR and HIPAA. Exposure of sensitive information and failure to enforce proper access controls may result in non-compliance with these regulations, which require strict protection of personal and sensitive data. Therefore, this vulnerability negatively impacts compliance by enabling data leakage and unauthorized access across tenants. [1, 3]