CNNVD-202506-3782 Information

CNNVD ID

CNNVD-202506-3782

Related CVE

CVE-2025-6925

• CNNVD Published: 2025-06-30

Description (Chinese)

RuoYi-Vue-Plus是中国dromara组织的一个开发框架。 RuoYi-Vue-Plus 5.4.0版本存在安全漏洞，该漏洞源于对文件MailController.java中参数filePath的错误操作，导致路径遍历。

Description (English)

RuoYi-Vue-Plus is a development framework for the Dromara organization in China. The security gap in version 5.4.0 of RuoYi-Vue-Plus stems from an error in the application of the parameter file file file file file filePath, which leads to a rouchy.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

dromara

Published

2025-06-30

Last Modified

2026-02-24

References

https://vuldb.com/?submit.600948 https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250620-01/report.md#steps-to-reproduce https://vuldb.com/?id.314437 https://vuldb.com/?ctiid.314437 https://access.redhat.com/security/cve/cve-2025-6925

Patch

https://gitee.com/dromara/RuoYi-Vue-Plus/releases/