CVE-2025-67342
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-12

Last updated on: 2025-12-19

Assigner: MITRE

Description
RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can impact all users by exploiting this stored XSS vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67342
EUVD
EUVD-2025-203096
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ruoyi ruoyi to 4.8.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

You can detect this vulnerability by testing the /system/menu/edit endpoint for stored XSS by attempting to inject payloads into the menuName field. For example, try submitting a payload like `<img src=&#34 onerror=&#34alert('xss')">` in the menuName field via an HTTP POST request and then observe if the script executes when the menu is rendered. Using tools like curl or Burp Suite to send crafted requests can help. Example curl command: `curl -X POST -d "menuName=<img src=&#34 onerror=&#34alert('xss')">" https://your-ruoyi-instance/system/menu/edit -b cookies.txt` (assuming authentication cookies). Then, check the menu display page to see if the alert triggers, indicating the stored XSS. Monitoring HTTP responses for unescaped HTML entities and testing user inputs with double quotes encoded as `&#34;` can also help detect the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include restricting menu modification permissions to trusted users only, as any user with such permissions can exploit the vulnerability. Additionally, avoid using the vulnerable versions (4.8.1 and earlier) of RuoYi and upgrade to a patched version once available. As a temporary workaround, sanitize or validate inputs on the /system/menu/edit endpoint to prevent injection of double quotes encoded as `&#34;` and ensure proper encoding of double quotes in the XSS filter. Also, avoid rendering user input with unescaped HTML (such as using `th:utext`) until the issue is fixed. [1]

Executive Summary

This vulnerability is a stored Cross-Site Scripting (XSS) issue in RuoYi versions 4.8.1 and earlier, specifically in the /system/menu/edit endpoint. Although the endpoint has an XSS filter, it can be bypassed. Because the menu is shared among all users, any user with permissions to modify the menu can exploit this vulnerability to inject malicious scripts that affect all users.

Impact Analysis

The vulnerability allows an attacker with menu modification permissions to inject malicious scripts that will be executed in the browsers of all users sharing the menu. This can lead to unauthorized actions, data theft, session hijacking, or other malicious activities affecting all users of the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart