CVE-2025-51825

CVSS 6.5 MEDIUMEPSS 0.2%CWE-89

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/jeecgboot/JeecgBoot/issues/8335 https://r4gd0ll.github.io/2025/JEECGBOOT_BYPASS_SQLInject.html