Vulnerability Description
A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to manage user sessions. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This patch is called b686f9fbd1917edffe5922c6362c817a9361cfbd. Applying a patch is advised to resolve this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jeecg | Jeecg Boot | <= 3.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/jeecgboot/JeecgBoot/commit/b686f9fbd1917edffe5922c6362c817a93Patch
- https://github.com/jeecgboot/JeecgBoot/issues/9195ExploitIssue TrackingThird Party Advisory
- https://github.com/jeecgboot/JeecgBoot/issues/9195#issue-3719368751ExploitIssue TrackingThird Party Advisory
- https://vuldb.com/?ctiid.337433Permissions RequiredVDB Entry
- https://vuldb.com/?id.337433Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.715743ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2025-14909?
CVE-2025-14909 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeec...
How severe is CVE-2025-14909?
CVE-2025-14909 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14909?
Check the references section above for vendor advisories and patch information. Affected products include: Jeecg Jeecg Boot.