CVE-2025-51825: JeecgBoot SQL Injection Vulnerability

August 22, 2025

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL protections.

References

github.com/advisories/GHSA-gj8w-ffq9-6828
github.com/jeecgboot/JeecgBoot
github.com/jeecgboot/JeecgBoot/commit/ddf0f61ae59d217b59884921a98a0bc69b143f41
github.com/jeecgboot/JeecgBoot/issues/8335
nvd.nist.gov/vuln/detail/CVE-2025-51825
r4gd0ll.github.io/2025/JEECGBOOT_BYPASS_SQLInject.html

Code Behaviors & Features

Detect and mitigate CVE-2025-51825 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →