CVE-2025-67342
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-19
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruoyi | ruoyi | up to 4.8.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by testing the /system/menu/edit endpoint for stored XSS by attempting to inject payloads into the menuName field. For example, try submitting a payload like `<img src=" onerror="alert('xss')">` in the menuName field via an HTTP POST request and then observe if the script executes when the menu is rendered. Using tools like curl or Burp Suite to send crafted requests can help. Example curl command: `curl -X POST -d "menuName=<img src=" onerror="alert('xss')">" https://your-ruoyi-instance/system/menu/edit -b cookies.txt` (assuming authentication cookies). Then, check the menu display page to see if the alert triggers, indicating the stored XSS. Monitoring HTTP responses for unescaped HTML entities and testing user inputs with double quotes encoded as `"` can also help detect the vulnerability. [1]
Can you explain this vulnerability to me?
This vulnerability is a stored Cross-Site Scripting (XSS) issue in RuoYi versions 4.8.1 and earlier, specifically in the /system/menu/edit endpoint. Although the endpoint has an XSS filter, it can be bypassed. Because the menu is shared among all users, any user with permissions to modify the menu can exploit this vulnerability to inject malicious scripts that affect all users.
How can this vulnerability impact me?
The vulnerability allows an attacker with menu modification permissions to inject malicious scripts that will be executed in the browsers of all users sharing the menu. This can lead to unauthorized actions, data theft, session hijacking, or other malicious activities affecting all users of the system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting menu modification permissions to trusted users only, as any user with such permissions can exploit the vulnerability. Additionally, avoid using the vulnerable versions (4.8.1 and earlier) of RuoYi and upgrade to a patched version once available. As a temporary workaround, sanitize or validate inputs on the /system/menu/edit endpoint to prevent injection of double quotes encoded as `"` and ensure proper encoding of double quotes in the XSS filter. Also, avoid rendering user input with unescaped HTML (such as using `th:utext`) until the issue is fixed. [1]
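An audit of stored menu names along the lines of the checks above, added here as an example (it is not RuoYi or BaseFortify code). It decodes HTML entities before inspecting each value and shows output encoding that includes quotes. It assumes the "encoded double quotes" mentioned above are HTML-entity forms such as `&quot;`; the function names and sample values are constructed, and exporting the menu names from an instance is left to the operator.

```python
import html
import re

# Characters that let a value break out of text or a quoted attribute when a
# template renders it unescaped (as th:utext does). Deliberately strict.
MARKUP_CHARS = re.compile(r"[<>\"']")
EVENT_ATTR = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)

def normalize(value, max_rounds=5):
    """Decode HTML entities until stable, so &quot; and &amp;quot; become '"'."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value

def findings(menu_name):
    """Return the reasons a stored menuName is unsafe to render unescaped."""
    plain = normalize(menu_name)
    reasons = []
    if plain != menu_name:
        reasons.append("entity-encoded characters")
    if MARKUP_CHARS.search(plain):
        reasons.append("markup characters after decoding")
    if EVENT_ATTR.search(plain):
        reasons.append("event-handler attribute")
    return reasons

def audit(menu_names):
    """Map each suspicious menu name to its findings; clean names are omitted."""
    return {n: findings(n) for n in menu_names if findings(n)}

def render_safe(menu_name):
    """Output-encode for HTML text or a quoted attribute, quotes included."""
    return html.escape(menu_name, quote=True)

# Constructed sample values, not taken from a real instance.
SAMPLES = [
    "System Management",
    "Reports & Logs",
    "<img src=\" onerror=\"alert('xss')\">",  # the test payload quoted on this page
    "Reports&quot; data-x=&quot;1",           # entity-encoded quotes, inert attribute
    "Tools&amp;quot;",                         # double-encoded quote
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLES).items():
        print(f"{render_safe(name)!r}: {', '.join(reasons)}")
```

The character policy also flags legitimate names containing apostrophes; relax `MARKUP_CHARS` only if every template that shows menu names escapes its output.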