yangzongzhuan RuoYi Role cancelAll improper authorization_CVE-2025-10384

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10384

Source VulDB

Published Sep 13, 2025 at 19:32

Affected Product

Vendor yangzongzhuan

Product RuoYi

Version 4.8.0

Affected Versions yangzongzhuan RuoYi 4.8.0
yangzongzhuan RuoYi 4.8.1

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-13T19:32:06.572Z",
    "modified": "2025-09-13T19:32:06.572Z",
    "type": "cve",
    "title": "yangzongzhuan RuoYi Role cancelAll improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323819\nhttps://vuldb.com/?ctiid.323819\nhttps://vuldb.com/?submit.643810\nhttps://www.cnblogs.com/aibot/p/19063509",
    "id": "CVE-2025-10384",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "yangzongzhuan RuoYi 4.8.0\nyangzongzhuan RuoYi 4.8.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RuoYi",
    "version": "4.8.0",
    "vendor": "yangzongzhuan",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}