CNNVD-202509-1761 Information

CNNVD ID

CNNVD-202509-1761

Related CVE

CVE-2025-10278

• CNNVD Published: 2025-09-12

Description (Chinese)

ruoyi-vue-pro是中国芋道源码（zhijiantianya）开源的一款经优化重构的高效后台管理系统框架，用于开发企业后台、SaaS平台、微信小程序后台等。 ruoyi-vue-pro 2025.09及之前版本存在授权问题漏洞，该漏洞源于对文件/crm/contact/transfer中参数ids/newOwnerUserId的错误操作，可能导致授权不当。

Description (English)

Ruoyi-vue-pro is an optimized framework for an efficient back-office management system for the development of enterprise backstages, SaaS platforms, micro-intelligence applet backstages, etc. Ruoyi-vue-pro 2025.09 and earlier versions had a mandate gap, which stemmed from a mishandling of the parameter ids/newOwnerUserId in document/crm/contact/transfer, which could lead to inappropriate authorization.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

智安科技

Published

2025-09-12

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.323648 https://vuldb.com/?id.323648 https://vuldb.com/?submit.643809 https://www.cnblogs.com/aibot/p/19063565 https://access.redhat.com/security/cve/cve-2025-10278