CNNVD-202512-3741 Information

Dec 19, 2025 cve

CNNVD ID

CNNVD-202512-3741

CVE-2025-14909

CNNVD Published: 2025-12-19

Description (Chinese)

JeecgBoot是中国国炬（Jeecg）公司的一个适用于企业 Web 应用程序的 Java 低代码平台。 JeecgBoot 3.9.0及之前版本存在安全漏洞，该漏洞源于对文件jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java的错误操作，可能导致用户会话管理不当。

Description (English)

JeecgBoot is a Java low-code platform for the enterprise Web application of Jeecg. JeecgBoot 3.9.0 and previous versions had a security loophole, which stemmed from an error in the management of document jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysuserOnlineController.java, which could lead to inappropriate user conversation management.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

国炬

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/jeecgboot/JeecgBoot/commit/b686f9fbd1917edffe5922c6362c817a9361cfbd https://github.com/jeecgboot/JeecgBoot/issues/9195 https://github.com/jeecgboot/JeecgBoot/issues/9195#issue-3719368751 https://vuldb.com/?ctiid.337433 https://vuldb.com/?id.337433 https://vuldb.com/?submit.715743 https://access.redhat.com/security/cve/cve-2025-14909

Share on: