CVE-2025-66913

Critical CVSS: 9.8

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.

Vendor

Jeecg

Product

Jimureport

CWE

CWE-94

Yayın Tarihi

2026-01-08 20:15:44

Güncelleme

2026-01-30 01:06:25

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Jimureport CRITICAL Jeecg 2026

Referanslar

https://gist.github.com/Catherines77/f15d53e9705b24cf018e5bffed3e8234 https://github.com/jeecgboot/jimureport/issues/4306

Benzer Kayıtlar

Critical

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows a…

Critical

CVE-2024-43028

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to exe…

Medium

CVE-2026-2945

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the fil…

Medium

CVE-2026-2822

A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the…

Low

CVE-2026-2555

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the…

Medium

CVE-2026-2111

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the fil…