6.5

CVE-2025-10981

Exploit
A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JeecgJeecg Boot Version <= 3.8.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.089
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 5.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://vuldb.com/?ctiid.325852
VDB Entry
Permissions Required
https://vuldb.com/?id.325852
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.653341
Third Party Advisory
VDB Entry
https://www.cnblogs.com/aibot/p/19063356
Third Party Advisory
Exploit