CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-46174

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.0%

CVSS Severity

CVSS v3 Score 7.5

References

https://gist.github.com/Han-tj/29543ce0dae8cbb3bcbedca3390844a9
https://gitee.com/y_project/RuoYi/commit/ea4af7a8cf54393b11d3d286e0aaeb3df8a9aaef
https://gitee.com/y_project/RuoYi/issues/IC1JZR

Products affected by CVE-2025-46174

Ruoyi » Ruoyi » Version: 4.8.0

cpe:2.3:a:ruoyi:ruoyi:4.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-46174

Products

Pricing

Contact Us