A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?ctiid.324995 | Permissions Required VDB Entry |
| https://vuldb.com/?id.324995 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.644659 | Third Party Advisory VDB Entry |
| https://www.cnblogs.com/aibot/p/19063346 | Exploit Third Party Advisory |
| https://www.cnblogs.com/aibot/p/19063346 | Exploit Third Party Advisory |
Configurations
History
02 Oct 2025, 19:40
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:guojusoft:jeecgboot:*:*:*:*:*:*:*:* | |
| First Time |
Guojusoft jeecgboot
Guojusoft |
|
| References | () https://vuldb.com/?ctiid.324995 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.324995 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.644659 - Third Party Advisory, VDB Entry | |
| References | () https://www.cnblogs.com/aibot/p/19063346 - Exploit, Third Party Advisory |
19 Sep 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.cnblogs.com/aibot/p/19063346 - |
19 Sep 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-19 12:15
Updated : 2025-10-02 19:40
NVD link : CVE-2025-10707
Mitre link : CVE-2025-10707
CVE.ORG link : CVE-2025-10707
JSON object : View
Products Affected
guojusoft
- jeecgboot