CNNVD-202511-2881 Information

CNNVD ID

CNNVD-202511-2881

Related CVE

CVE-2025-46175

• CNNVD Published: 2025-11-26

Description (Chinese)

Ruoyi是若依个人开发者的一个后台管理系统。 Ruoyi v4.8.0版本存在安全漏洞，该漏洞源于SysUserController.java中authRole方法缺少权限检查。

Description (English)

Ruoyi is a back-office management system based on an individual developer. There is a security loophole in version Ruoyi v4.8.0, which stems from the lack of access to the system in SysUserController.java.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-26

Last Modified

2026-02-24

References

https://gist.github.com/Han-tj/74d2ed84ede1909da55090fed410d288 https://gitee.com/y_project/RuoYi/commit/f935b2782f4237cdbcc13bdce76703e82c42f4fe https://gitee.com/y_project/RuoYi/issues/IC1FS0 https://access.redhat.com/security/cve/cve-2025-46175

Patch

https://gitee.com/y_project/RuoYi/releases