CVE-2025-15126 | JeecgBoot up to 3.9.0 getPositionUserList positionId improper authorization

Inserito da Angelo Barbosa | Dic 27, 2025 | CVE

A vulnerability marked as problematic has been reported in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization.

This vulnerability appears as CVE-2025-15126. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15126 | JeecgBoot up to 3.9.0 getPositionUserList positionId improper authorization

Post correlati

CVE-2024-49408 | Samsung Mobile Devices out-of-bounds write

CVE-2024-28866 | GoCD up to 24.0.x redirect_to cross site scripting

CVE-2024-43934 | Robert Felty Collapsing Archives Plugin up to 3.0.5 on WordPress cross site scripting

CVE-2024-37460 | SuperSaaS Plugin up to 2.1.9 on WordPress cross site scripting