CNNVD-202509-4226 Information

CNNVD ID

CNNVD-202509-4226

Related CVE

CVE-2025-10988

• CNNVD Published: 2025-09-26

Description (Chinese)

ruoyi-vue-pro是中国芋道源码（zhijiantianya）开源的一款经优化重构的高效后台管理系统框架，用于开发企业后台、SaaS平台、微信小程序后台等。 ruoyi-vue-pro 2025.09及之前版本存在授权问题漏洞，该漏洞源于文件/crm/business/transfer授权不当，可能导致远程攻击。

Description (English)

Ruoyi-vue-pro is an optimized framework for an efficient back-office management system for the development of enterprise backstages, SaaS platforms, micro-intelligence applet backstages, etc. Ruoyi-vue-pro 2025.09 and previous versions had a mandate gap, which stemmed from inappropriate authorization of documents/crm/business/transfer, which could lead to long-range attacks.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

芋道源码

Published

2025-09-26

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.325911 https://vuldb.com/?id.325911 https://vuldb.com/?submit.653736 https://www.cnblogs.com/aibot/p/19063563