CVE-2025-14908 · HIGH 8.1 · EPSS p21.7%


Description

A security flaw has been discovered in JeecgBoot up to 3.9.0. It affects an unknown function in the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the Multi-Tenant Management Module component. Manipulating the argument ID results in improper authentication. The attack can be initiated remotely. An exploit has been released to the public and may be used. The patch is named e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2/67795493bdc579e489d3ab12e52a1793c4f8a0ee. Applying the patch is recommended to fix this issue.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.30% probability of exploitation · percentile 21.7% · 2026-06-19T12:03:05Z
Published: 2025-12-19
Last modified: 2026-04-29

Underlying weaknesses · 1

CWE-287

References

  1. https://github.com/jeecgboot/JeecgBoot/commit/e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2
  2. https://github.com/jeecgboot/JeecgBoot/issues/9196
  3. https://vuldb.com/?ctiid.337432
  4. https://vuldb.com/?id.337432
  5. https://vuldb.com/?submit.715742


Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-14909
  2. CVE-2025-10707
  3. CVE-2026-11464
  4. CVE-2025-10318
  5. CVE-2026-2822
  6. CVE-2026-1746

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.