CVE 8.8 HIGH

CVE-2025-56396_CVE-2025-56396

December 4, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.

AI Analysis

Privilege escalation vulnerability in Ruoyi due to higher department rights

Basic Information

ID CVE-2025-56396

Source mitre

Published Nov 26, 2025 at 00:00

Modified Dec 4, 2025 at 20:02

Affected Product

Vendor y_project

Product Ruoyi

Version 4.8.1

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor y_project

Product Ruoyi

Version 4.8.1

References

{
    "lastseen": "",
    "description": "An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.",
    "published": "2025-11-26T00:00:00.000Z",
    "modified": "2025-12-04T20:02:21.630Z",
    "type": "cve",
    "title": "CVE-2025-56396",
    "source": "mitre",
    "references": "https://gitee.com/y_project/RuoYi/issues/ICJ865\nhttps://gist.github.com/Han-tj/22cfd18fa9f116bb886e8e56782f6865",
    "id": "CVE-2025-56396",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ruoyi",
    "version": "4.8.1",
    "vendor": "y_project",
    "ai_description": "Privilege escalation vulnerability in Ruoyi due to higher department rights",
    "ai_severity": "High",
    "ai_vendor": "y_project",
    "ai_product": "Ruoyi",
    "ai_version": "4.8.1",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply