CVE-2025-46174

Published: Nov 26, 2025

Modified: Dec 4, 2025

PUBLISHED

Description

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitee.com/y_project/RuoYi/issues/IC1JZR

https://gitee.com/y_project/RuoYi/commit/ea4af7a8cf54393b11d3d286e0aaeb3df8a9aaef

https://gist.github.com/Han-tj/29543ce0dae8cbb3bcbedca3390844a9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-46174

Description

Affected Products

References