How severe is CVE-2025-28408?

CVE-2025-28408 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-28408

Name: ruoyi
Author: ruoyi

9.8CRITICAL

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter

Veröffentlicht: 4/7/2025Aktualisiert: 4/9/2025

Beschreibung

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter

KI-AnalyseKI-gestützt

Betroffene Produkte

ruoyiruoyi

4.8.0

Referenzen

https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md
ExploitThird Party Advisory
https://github.com/yangzongzhuan/RuoYi
Product
https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md
ExploitThird Party Advisory