Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Unauthenticated network endpoint with no user interaction (AV:N/AC:L/PR:N/UI:N); impact is confidential data and credential disclosure only, so C:H, I:N, A:N.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id without verifying the auto-export configuration flag. An unauthenticated remote attacker can enumerate Snowflake report identifiers and export the full contents of any report, including the data returned by the report configured SQL queries and any credentials embedded in its data sources.
AnalysisAI
Unauthenticated report data exfiltration in JimuReport (JeecgBoot) through version 2.5.0 lets remote attackers export the full contents of any report via the POST /jmreport/auto/export endpoint. Because the handler carries the @JimuNoLoginRequired annotation, JimuReportTokenInterceptor skips all authentication and the export service never checks the auto-export configuration flag, so any guessed report id is rendered and streamed back. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
24 hours: Identify all systems running JimuReport through version 2.5.0; implement firewall or WAF rules to block POST requests to /jmreport/auto/export; review access logs for suspicious export activity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jimureport
View allJimuReport through 2.1.3 has RCE via user-controlled H2 JDBC URLs. The application passes attacker-supplied JDBC connect
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Rated critical severity (CVSS 9.8)
Code injection in JimuReport's Data Source Handler allows authenticated high-privilege users to execute arbitrary code v
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40362
GHSA-cg8w-ggx5-v8p7