CNNVD-202511-2885 Information

CNNVD ID

CNNVD-202511-2885

Related CVE

CVE-2025-46174

• CNNVD Published: 2025-11-26

Description (Chinese)

Ruoyi是若依个人开发者的一个后台管理系统。 Ruoyi v4.8.0版本存在安全漏洞，该漏洞源于SysUserController.java中resetPwd方法缺少权限检查。

Description (English)

Ruoyi is a back-office management system based on an individual developer. There is a security gap in version Ruoyi v4.8.0, which stems from the lack of access to the SysUserController.java ’ s ResetPwd method.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-26

Last Modified

2026-02-24

References

https://gist.github.com/Han-tj/29543ce0dae8cbb3bcbedca3390844a9 https://gitee.com/y_project/RuoYi/commit/ea4af7a8cf54393b11d3d286e0aaeb3df8a9aaef https://gitee.com/y_project/RuoYi/issues/IC1JZR https://access.redhat.com/security/cve/cve-2025-46174

Patch

https://gitee.com/y_project/RuoYi/releases