CVE-2025-28410

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-28410
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28410.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-28410
Published
2025-04-07T16:15:25Z
Modified
2025-04-10T09:46:47.248824Z
Summary
[none]
Details

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges

References

Affected packages

Git / github.com/yangzongzhuan/ruoyi

Affected ranges

Type
GIT
Repo
https://github.com/yangzongzhuan/ruoyi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v2.*

v2.2
v2.3
v2.4

v3.*

v3.0
v3.1
v3.2
v3.3
v3.4

v4.*

v4.0
v4.1
v4.2
v4.3
v4.3.1
v4.4
v4.5.0
v4.5.1
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.6
v4.7.7
v4.7.8
v4.7.9
v4.8.0