CVE-2025-14909

low-risk

Published 2025-12-19

A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to manage user sessions. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This patch is called b686f9fbd1917edffe5922c6362c817a9361cfbd. Applying a patch is advised to resolve this issue.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Jeecg Boot

Affected Vendors

Jeecg

References (6)

Patch https://github.com/jeecgboot/JeecgBoot/commit/b686f9fbd1917edffe5922c6362c817a93...

Exploit https://github.com/jeecgboot/JeecgBoot/issues/9195

Exploit https://github.com/jeecgboot/JeecgBoot/issues/9195#issue-3719368751

Permissions Required https://vuldb.com/?ctiid.337433

Third Party Advisory https://vuldb.com/?id.337433

Exploit https://vuldb.com/?submit.715743

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal