CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dromara: >> Ruoyi-Vue-Plus >> 4.3.0-beta2 Security Vulnerabilities

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.

CVSS Score

9.4

EPSS Score

0.001

Published

2026-01-08

Page 1

Vulnerabilities

Vulnerable Software

Dromara: >> Ruoyi-Vue-Plus >> 4.3.0-beta2 Security Vulnerabilities

Products

Pricing

Contact Us