CVE-2025-2040

Name of the Vulnerable Software and Affected Versions ruoyi-vue-pro version 2.4.1

Description A critical issue was discovered in the /admin-api/bpm/model/deploy file, affecting an unknown functionality. This issue leads to improper neutralization of special elements used in a template engine, allowing for remote attacks.

Recommendations For version 2.4.1, consider restricting access to the /admin-api/bpm/model/deploy endpoint until a fix is available. As a temporary workaround, review and sanitize any user-input data used in template engines to minimize the risk of exploitation.