CVE-2025-56396
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-04
Assigner: MITRE
Description
Description
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruoyi | ruoyi | 4.8.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can allow attackers to escalate their privileges beyond what they should have, potentially leading to unauthorized access and control over sensitive parts of the system.
Can you explain this vulnerability to me?
This vulnerability in Ruoyi 4.8.1 allows attackers to gain escalated privileges because the owning department has higher rights than the active user, enabling privilege escalation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70