CVE-2025-70985

RuoYi · RuoYi

An incorrect access control vulnerability in the RuoYi update function allows unauthorized attackers to modify data outside of their intended scope.

Executive summary

A critical access control vulnerability in RuoYi v4.8.2 enables unauthorized users to perform arbitrary data modification, threatening the integrity of the application.

Vulnerability

The vulnerability stems from improper access control logic within the application's update function. This flaw allows an attacker to bypass intended security boundaries and perform unauthorized data modification.

Business impact

The CVSS score of 9.1 highlights the severity of this flaw, as it permits unauthorized manipulation of sensitive data. Exploitation could lead to significant data corruption, loss of business logic integrity, and unauthorized state changes within the application, severely impacting operational reliability.

Remediation

Immediate Action: Update RuoYi to the latest available version provided by the vendor to remediate the access control flaw.

Proactive Monitoring: Review application audit logs for unauthorized update attempts or modifications to records that should be restricted to administrative users.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to intercept and block suspicious POST or PUT requests targeting the identified update functions. Because a WAF cannot determine whether a given user is permitted to modify a given record, treat this as a stopgap until the vendor update is applied.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This vulnerability presents a high risk to data integrity. Administrators must prioritize updating affected RuoYi installations to the latest version to prevent unauthorized data manipulation by malicious actors.