CNNVD-202509-1751 Information

CNNVD ID

CNNVD-202509-1751

CVE-2025-10276

  • CNNVD Published: 2025-09-12

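Description (translated from Chinese)

ruoyi-vue-pro is an optimized and refactored, efficient back-office management system framework open-sourced by China's 芋道源码 (zhijiantianya), used to develop enterprise back ends, SaaS platforms, WeChat mini-program back ends, and similar systems. ruoyi-vue-pro 2025.09 and earlier versions contain an authorization vulnerability, which stems from improper authorization of the parameters id/newOwnerUserId in the file /crm/contract/transfer and may lead to a remote attack.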

Description (English)

ruoyi-vue-pro is an optimized framework for an efficient back-office management system, used to develop enterprise back ends, SaaS platforms, WeChat mini-program back ends, etc. ruoyi-vue-pro 2025.09 and previous versions have an authorization vulnerability that stems from improper authorization of the parameters id/newOwnerUserId in the file /crm/contract/transfer, which could lead to a remote attack.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

智安科技

Published

2025-09-12

Last Modified

2026-02-24

References

  • https://vuldb.com/?ctiid.323646
  • https://vuldb.com/?id.323646
  • https://vuldb.com/?submit.643386
  • https://www.cnblogs.com/aibot/p/19063567
  • https://access.redhat.com/security/cve/cve-2025-10276
