CVE-2025-0734

A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
4.7 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
ruoyiruoyi
𝑥
≤ 4.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/GSBP0/3c1b0f9dbdd2a48b8f52330cfbbc279b
https://vuldb.com/?ctiid.293512
https://vuldb.com/?id.293512
https://vuldb.com/?submit.482823