CVE-2025-51825

MEDIUM

JeecgBoot 3.4.3-3.8.0 - SQL Injection via Online CGReport Head ParseSql Endpoint

Title source: llm

Description

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions.

References (2)

Core 2

Core References

Exploit, Issue Tracking, Third Party Advisory

https://github.com/jeecgboot/JeecgBoot/issues/8335

Broken Link

https://r4gd0ll.github.io/2025/JEECGBOOT_BYPASS_SQLInject.html

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 13.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

guojusoft/jeecgboot 3.4.3 - 3.8.0

org.jeecgframework.boot/jeecg-boot-base-core 3.4.3 - 3.8.1Maven

Published Aug 22, 2025

Tracked Since Feb 18, 2026