CNNVD-202509-1825 Information

CNNVD ID

CNNVD-202509-1825

Related CVE

CVE-2025-10384

• CNNVD Published: 2025-09-13

Description (Chinese)

RuoYi是中国若依（RuoYi）个人开发者的一款后台管理系统。 RuoYi 4.8.1及之前版本存在授权问题漏洞，该漏洞源于对文件/system/role/authUser/cancelAll中参数roleId和userIds的错误操作，可能导致授权不当。

Description (English)

RuoYi is a back-office management system for the personal developers of RuoYi in China. RuoYi 4.8.1 and previous versions had a mandate gap, which stemmed from the mishandling of the parameters roleid and userIds in document/system/rule/authUser/cancelAll, which could lead to improper delegation of authority.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2025-09-13

Last Modified

2026-02-24

References

https://vuldb.com/?id.323819 https://vuldb.com/?ctiid.323819 https://www.cnblogs.com/aibot/p/19063509 https://vuldb.com/?submit.643810 https://access.redhat.com/security/cve/cve-2025-10384