CVE-2025-70986
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-01-30
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruoyi | ruoyi | 4.8.1 |
| ruoyi | ruoyi | 4.8.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70986 is a missing-authorization flaw (CWE-862, a form of improper access control, CWE-284) in the selectDeptTree handler of RuoYi's department controller (also referred to as selectDept). The sibling department endpoints enforce a permission check through Shiro's @RequiresPermissions annotation, but selectDeptTree carries no such annotation, so the request is never tested against the caller's role. Any actor who can reach the endpoint can therefore retrieve the department record and tree it renders, whether or not their account holds a system:dept permission. RuoYi 4.8.1 and 4.8.2 are listed as affected. [1, 2]
How can this vulnerability impact me?
The flaw discloses organisational structure: department names, hierarchy and the record behind a chosen deptId become readable to accounts that were never granted department management rights. On its own that is an information leak and a privacy concern; in practice it also gives a low-privileged or compromised account a map of the organisation that supports phishing, social engineering and targeting of further attacks. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Test the endpoint with an account that should not be allowed to see department data, and compare the result with an endpoint that is known to be protected. The mappings named by the advisory are /selectDeptTree/{deptId} and /selectDeptTree/{deptId}/{excludeId}, relative to the department controller's base path (in RuoYi 4.x that controller is mounted under /system/dept). Log in as a low-privileged user whose roles hold no system:dept permission, copy that session's cookie, and issue: curl -i -b "<session cookie of the low-privileged login>" "http://<target>/system/dept/selectDeptTree/1" (and the same with /selectDeptTree/1/2 for the second mapping). If the response is HTTP 200 and the body contains the department tree page for deptId 1, the instance is vulnerable. As a control, request a protected sibling such as /system/dept/list with the same cookie; it should be refused, which confirms that the low-privileged session is the right test subject. Do not draw conclusions from an unauthenticated request: the Shiro filter chain normally redirects anonymous requests to the login page, so a 302 there neither confirms nor rules out the flaw, which is about missing authorization, not missing authentication. Affected versions are 4.8.1 and 4.8.2. [1]
What immediate steps should I take to mitigate this vulnerability?
Restrict the /selectDeptTree endpoints with the same permission check the other department interfaces already enforce: annotate the selectDeptTree handler with Shiro's @RequiresPermissions (the advisory suggests the system:dept:edit permission string). Make sure the annotation covers both mappings, /selectDeptTree/{deptId} and /selectDeptTree/{deptId}/{excludeId}, since they are served by the same method, and choose a permission that every role which legitimately opens the department picker already holds, otherwise the picker breaks for those users; re-test those pages after the change. Until the fix is deployed, block the paths at the reverse proxy or web application firewall for everyone except administrators, and apply the vendor update once one is available. [1, 2]
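The detection and mitigation answers above both come down to one question: which mapped handlers in a controller carry no permission annotation? The following Java program is an added example and is not RuoYi's own code. It defines two illustrative Spring MVC controllers in the shape the advisory describes (the unprotected selectDeptTree beside protected siblings, then the hardened form) and a small reflection-based audit that lists every @GetMapping/@PostMapping handler lacking Shiro's @RequiresPermissions. The /system/dept base path, the handler bodies and the system:dept:list permission string are assumptions for the example; it assumes spring-web and shiro-core on the classpath.

```java
// Added example, not RuoYi's code: illustrative controllers plus a reflection
// audit that flags request handlers missing Shiro's @RequiresPermissions.
// Assumes spring-web and shiro-core are on the classpath.
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

public class DeptPermissionAudit {

    // Illustrative controller in the vulnerable shape the advisory describes:
    // the siblings check a permission, selectDeptTree does not.
    @RestController
    @RequestMapping("/system/dept")            // assumed base path
    static class VulnerableDeptController {
        @RequiresPermissions("system:dept:list")
        @GetMapping("/list")
        public String list() { return "[dept list]"; }

        @RequiresPermissions("system:dept:edit")
        @PostMapping("/edit")
        public String edit() { return "ok"; }

        // No permission annotation: every authenticated session reaches it.
        @GetMapping({ "/selectDeptTree/{deptId}", "/selectDeptTree/{deptId}/{excludeId}" })
        public String selectDeptTree(@PathVariable Long deptId,
                                     @PathVariable(required = false) Long excludeId) {
            return "[dept " + deptId + " tree]";
        }
    }

    // Hardened form: one annotation covers both path variants of the method.
    @RestController
    @RequestMapping("/system/dept")
    static class FixedDeptController {
        @RequiresPermissions("system:dept:list")   // assumed permission string
        @GetMapping({ "/selectDeptTree/{deptId}", "/selectDeptTree/{deptId}/{excludeId}" })
        public String selectDeptTree(@PathVariable Long deptId,
                                     @PathVariable(required = false) Long excludeId) {
            return "[dept " + deptId + " tree]";
        }
    }

    /** Returns sorted "VERB path" entries for every mapped handler that no
     *  @RequiresPermissions (method- or class-level) protects. */
    static List<String> findUnprotectedHandlers(Class<?> controller) {
        List<String> findings = new ArrayList<>();
        // A class-level annotation protects every handler in the class.
        if (controller.isAnnotationPresent(RequiresPermissions.class)) return findings;

        RequestMapping base = controller.getAnnotation(RequestMapping.class);
        String prefix = (base != null && base.value().length > 0) ? base.value()[0] : "";

        for (Method m : controller.getDeclaredMethods()) {
            String verb = null;
            String[] paths = null;
            GetMapping get = m.getAnnotation(GetMapping.class);
            PostMapping post = m.getAnnotation(PostMapping.class);
            if (get != null)       { verb = "GET";  paths = get.value(); }
            else if (post != null) { verb = "POST"; paths = post.value(); }
            if (paths == null) continue;                                 // not a handler
            if (m.isAnnotationPresent(RequiresPermissions.class)) continue; // protected
            for (String p : paths) findings.add(verb + " " + prefix + p);
        }
        Collections.sort(findings);   // getDeclaredMethods order is unspecified
        return findings;
    }

    public static void main(String[] args) {
        // Expected: the two selectDeptTree mappings for the vulnerable class, none for the fixed one.
        System.out.println("Vulnerable: " + findUnprotectedHandlers(VulnerableDeptController.class));
        System.out.println("Fixed:      " + findUnprotectedHandlers(FixedDeptController.class));
    }
}
```

Pointing findUnprotectedHandlers at a deployment's real controller classes gives a quick inventory of handlers that bypass the annotation-based check; an empty list is not proof of safety (a handler may be mapped through @RequestMapping with a method attribute, or protected by a filter chain rather than an annotation), but any entry it does print is an endpoint that deserves the curl test described above.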
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized access to sensitive department data due to missing permission checks, which could lead to unauthorized disclosure of sensitive information. This unauthorized data access may result in non-compliance with data protection regulations such as GDPR and HIPAA that require strict access controls to protect sensitive information. [1, 2]