CVE-2025-14908

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-14908

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14908.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-14908

Published

2025-12-19T01:16:06.037Z

Modified

2026-03-14T12:41:53.042255Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module. Performing manipulation of the argument ID results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The patch is named e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2/67795493bdc579e489d3ab12e52a1793c4f8a0ee. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/jeecgboot/jeecg-boot

Affected ranges

Type

GIT

Repo

https://github.com/jeecgboot/jeecg-boot

Events

Introduced

Last affected

41877a6e8ba6e485bdd25e6dc5d6279e58754707

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.9.0"
        }
    ]
}

Type: GIT
Repo: https://github.com/jeecgboot/jeecgboot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2

Affected versions

2.*

2.2.0

2.3.0

2.4.0

2.4.1

2.4.5

v2.*

v2.0.2

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.2.1

v2.3

v2.3.0

v2.4.1

v2.4.2

v2.4.3

v2.4.5

v2.4.6

v3.*

v3.0

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.4.2

v3.4.3

v3.4.3last

v3.4.4

v3.4.4last

v3.5.0

v3.5.1

v3.5.1last

v3.5.3

v3.5.5

v3.5.5last

v3.6.0

v3.6.1

v3.6.1last

v3.6.2

v3.6.2_springboot3

v3.6.2last

v3.6.3

v3.6.3_springboot3

v3.6.3last

v3.7.0

v3.7.0_all

v3.7.0_all_last

v3.7.0_springboot3

v3.7.0last_springboot3

v3.7.1

v3.7.1last

v3.7.1springboot3

v3.7.2

v3.7.3

v3.7.3springboot3

v3.7.4

v3.8.0

v3.8.0last

v3.8.0last_springboot3

v3.8.1

v3.8.2

v3.8.2last_springboot2

v3.8.2last_springboot3

v3.8.3

v3.8.3.1

v3.9.0

v3.9.0last

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 418.0,
            "function_hash": "54757400589960672118369657915392539087"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-14908-37e28137",
        "target": {
            "function": "joinTenantByHouseNumber",
            "file": "jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java"
        },
        "source": "https://github.com/jeecgboot/jeecgboot/commit/e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2"
    },
    {
        "digest": {
            "length": 1200.0,
            "function_hash": "35925952847386552047793138457558706178"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-14908-5d0722c4",
        "target": {
            "function": "agreeOrRefuseJoinTenant",
            "file": "jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java"
        },
        "source": "https://github.com/jeecgboot/jeecgboot/commit/e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "202615151555579670378692620308952852931",
                "138147614918650519302093904507596983117",
                "40969799432964781120476219049046486472",
                "193148106370983631393143604397850349564",
                "27530159654914924809830601424883041925",
                "300031748656349424348955025418137874103",
                "180536321666411686731423911313998380679",
                "194678401624324437190773772061752775876",
                "19105411460034665559625799743176062252",
                "2826863845048261054391146222577404719",
                "193257710026396501137289342932905457362",
                "270017980314828126333347928056164044548",
                "283272375503810574602487929664625371079",
                "145458829309059231968702725382594594311",
                "335037055222550971634534479293123003292",
                "138668003658117500670325347578752708790",
                "17783467794767459537233185601109268098",
                "334380897967641730580056956792482291510",
                "297330249763397383702200297094352386687",
                "291034628717459088411647789706583194716",
                "97988860261616415399312701113347212303",
                "233504031783619091305516730453642052248",
                "142990315520751553599498681737278045045",
                "121484377778167538738357307322557051866",
                "287366734516074678693192627350832337054",
                "92679881762863292384681023360768862849",
                "35930117825069477446015658880876072979",
                "31807772201551673530218838929074017686",
                "267971820604190732838876050290178629950",
                "59840349141550611184057531770423558397",
                "265831534649179093515293236175969960629",
                "190912697620172881105165049083395890791",
                "318684293056178199078597749988071456497",
                "110563166129503309800486188919413594993",
                "177792018403164698150125136832791160124",
                "112519355245102847777438452025337293424",
                "206640785115638484600351668823283701817",
                "272912809434020674859662086623796534614",
                "282452984629571992876507027885916944275",
                "138489848167440022495700530870076120559",
                "53423488647472003262281512498902155929",
                "124011606991257261984049545533484116245",
                "232480034035444502701730365599560876256",
                "40573371097960627093013765765679147054",
                "179310190492851728208068236647176188947",
                "148316919476366631925735541219854536175",
                "286384564288970891724367595992463955430",
                "149089661844195632759746413215662032792",
                "274534112322361761786015047328988683021",
                "240458276768203008279126014983937671855",
                "171233197857646410602378511111474557477",
                "291986411987003584404656593471295889877",
                "107519220119777486832077835541086925112",
                "289283186377559304316051850022025412129",
                "166647867785053005020600261290254541773",
                "231903482520063195097558822109288201461"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2025-14908-c1f0bad7",
        "target": {
            "file": "jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java"
        },
        "source": "https://github.com/jeecgboot/jeecgboot/commit/e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14908.json"