CVE-2025-46175

Published: Nov 26, 2025

Modified: Dec 4, 2025

PUBLISHED

Description

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitee.com/y_project/RuoYi/issues/IC1FS0

https://gitee.com/y_project/RuoYi/commit/f935b2782f4237cdbcc13bdce76703e82c42f4fe

https://gist.github.com/Han-tj/74d2ed84ede1909da55090fed410d288

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-46175

Description

Affected Products

References