CVE-2025-56396

EUVD-2025-199730
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
ruoyiruoyi
4.8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/Han-tj/22cfd18fa9f116bb886e8e56782f6865
https://gitee.com/y_project/RuoYi/issues/ICJ865