CNNVD-202601-3952 Information

CNNVD ID

CNNVD-202601-3952

Related CVE

CVE-2025-70985

• CNNVD Published: 2026-01-23

Description (Chinese)

Ruoyi是若依个人开发者的一个后台管理系统。 Ruoyi v4.8.2版本存在安全漏洞，该漏洞源于update函数访问控制不当，可能导致未经授权的攻击者任意修改其范围之外的数据。

Description (English)

Ruoyi is a back-office management system based on an individual developer. The version of Ruoyi v 4.8.2 contains a security loophole, which stems from inadequate access controls in theupdate function, which may result in unauthorized assailants arbitrarily modifying data outside its scope.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-23

Last Modified

2026-02-24

References

https://github.com/yangzongzhuan/RuoYi https://gist.github.com/old6ma/1a2dada02656ba9a4730c85f6c765f4f https://gitee.com/y_project/RuoYi/issues/IDIDK2 https://access.redhat.com/security/cve/cve-2025-70985