CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

Ruoyi 授权问题漏洞

Ruoyi is a backend management system for Ruoyi's individual developers. An authorization issue vulnerability exists in Ruoyi version 4.8.1 and prior versions, which stems from an incorrect operation of the parameter userIds in the file /system/role/authUser/selectAll, which may result in improper...