2 matches found
CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...
CVE-2025-10384
A vulnerability (CVE-2025-10384) affects yangzongzhuan RuoYi up to version 4.8.1, specifically the Role Handler’s endpoint /system/role/authUser/cancelAll. The issue arises from improper authorization when manipulating the arguments roleId or userIds, allowing remote exploitation. Multiple feeds ...