{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10981","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-25T14:21:07.137Z","datePublished":"2025-09-26T00:02:07.436Z","dateUpdated":"2025-09-26T15:18:45.375Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-26T00:02:07.436Z"},"title":"JeecgBoot exportXls improper authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-285","lang":"en","description":"Improper Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"n/a","product":"JeecgBoot","versions":[{"version":"3.8.0","status":"affected"},{"version":"3.8.1","status":"affected"},{"version":"3.8.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Eine Schwachstelle wurde in JeecgBoot up to 3.8.2 gefunden. Es ist betroffen eine unbekannte Funktion der Datei /sys/tenant/exportXls. Mit der Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Es ist möglich, den Angriff aus der Ferne durchzuführen. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-25T16:26:19.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"lucasg2g (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.325852","name":"VDB-325852 | JeecgBoot exportXls improper authorization","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.325852","name":"VDB-325852 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.653341","name":"Submit #653341 | jeecgboot JeecgBoot 3.8.2 broken function level authorization","tags":["third-party-advisory"]},{"url":"https://www.cnblogs.com/aibot/p/19063356","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-26T15:18:31.053645Z","id":"CVE-2025-10981","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-26T15:18:45.375Z"}}]}}