{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10977","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-25T14:20:56.882Z","datePublished":"2025-09-25T22:32:08.286Z","dateUpdated":"2025-09-26T15:38:18.442Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-25T22:32:08.286Z"},"title":"JeecgBoot deleteBatch improper authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-285","lang":"en","description":"Improper Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"n/a","product":"JeecgBoot","versions":[{"version":"3.8.0","status":"affected"},{"version":"3.8.1","status":"affected"},{"version":"3.8.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Eine Schwachstelle wurde in JeecgBoot up to 3.8.2 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /sys/tenant/deleteBatch. Die Veränderung des Parameters ids resultiert in improper authorization. Der Angriff kann über das Netzwerk passieren. Das Durchführen eines Angriffs ist mit einer relativ hohen Komplexität verbunden. Die Ausnutzung wird als schwierig beschrieben. Der Exploit ist öffentlich verfügbar und könnte genutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":2.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"LOW"}},{"cvssV3_1":{"version":"3.1","baseScore":3.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.1,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.1,"vectorString":"AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-25T16:26:14.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"lucasg2g (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.325848","name":"VDB-325848 | JeecgBoot deleteBatch improper authorization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.325848","name":"VDB-325848 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.653335","name":"Submit #653335 | jeecgboot  JeecgBoot 3.8.2 broken function level authorization","tags":["third-party-advisory"]},{"url":"https://www.cnblogs.com/aibot/p/19063351","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-26T15:36:42.990760Z","id":"CVE-2025-10977","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-26T15:38:18.442Z"}}]}}