CVE-2025-10981

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-10981

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10981.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-10981

Published

2025-09-26T00:15:37.643Z

Modified

2026-04-10T05:20:34.070254Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/jeecgboot/jeecg-boot

Affected ranges

Type

GIT

Repo

https://github.com/jeecgboot/jeecg-boot

Events

Introduced

Last affected

925f1637844eb0a158a7e78f544b93aff66c1644

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.8.2"
        }
    ]
}

Affected versions

2.*

2.2.0

2.3.0

2.4.0

2.4.1

2.4.5

v2.*

v2.0.2

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.2.1

v2.3

v2.3.0

v2.4.1

v2.4.2

v2.4.3

v2.4.5

v2.4.6

v3.*

v3.0

v3.0.0

v3.1.0

v3.2.0

v3.4.0

v3.4.2

v3.4.3

v3.4.3last

v3.4.4

v3.4.4last

v3.5.0

v3.5.1

v3.5.1last

v3.5.3

v3.5.5

v3.5.5last

v3.6.0

v3.6.1

v3.6.2

v3.6.2last

v3.6.3

v3.6.3last

v3.7.0

v3.7.0_all

v3.7.0_all_last

v3.7.0last_springboot3

v3.7.1

v3.7.1last

v3.7.2

v3.7.3

v3.8.0

v3.8.0last

v3.8.1

v3.8.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10981.json"