← volver
CVE-2025-14909

JeecgBoot SysUserOnlineController.java SysUserOnlineController user session

CVSS 5.3 MEDIUMEPSS 0.4%CWE-1018
A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to manage user sessions. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This patch is called b686f9fbd1917edffe5922c6362c817a9361cfbd. Applying a patch is advised to resolve this issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
n/a · JeecgBoot

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/jeecgboot/JeecgBoot/commit/b686f9fbd1917edffe5922c6362c817a9361cfbdhttps://github.com/jeecgboot/JeecgBoot/issues/9195https://github.com/jeecgboot/JeecgBoot/issues/9195#issue-3719368751https://vuldb.com/?ctiid.337433https://vuldb.com/?id.337433https://vuldb.com/?submit.715743