CVE-2025-70986

EUVD-2026-4227
Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
ruoyiruoyi
4.8.1
ruoyiruoyi
4.8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/old6ma/779320a98f361c299ca024521cb72db6
https://gitee.com/y_project/RuoYi
https://gitee.com/y_project/RuoYi/issues/IDIDME
https://github.com/yangzongzhuan/RuoYi