4 matches found
CVE-2025-28409
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/parentId endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId...
CVE-2025-28409
creationtimestamp| type| source ---|---|--- 2025-04-07 17:12:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf54e332g 2025-04-07 18:44:40+00:00| seen| https://t.me/cvedetector/22319 2025-08-09 17:25:38+00:00| seen| MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea 2025-09-10...
CVE-2025-28409
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/parentId endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId...
CVE-2025-28409
The CVE-2025-28409 entry concerns RUoYi v4.8.0 where the add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId, enabling privilege escalation. Affected software is RUoYi v4.8.0; the underlying issue is insuffi...