CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.0%

CVSS Severity

CVSS v3 Score 7.5

References

https://gist.github.com/Han-tj/74d2ed84ede1909da55090fed410d288
https://gitee.com/y_project/RuoYi/commit/f935b2782f4237cdbcc13bdce76703e82c42f4fe
https://gitee.com/y_project/RuoYi/issues/IC1FS0

Products affected by CVE-2025-46175

Ruoyi » Ruoyi » Version: 4.8.0

cpe:2.3:a:ruoyi:ruoyi:4.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-46175

Products

Pricing

Contact Us