CVE-2025-2742

Name of the Vulnerable Software and Affected Versions zhijiantianya ruoyi-vue-pro version 2.4.1

Description A critical issue exists in zhijiantianya ruoyi-vue-pro 2.4.1 related to path traversal. The issue resides in the file /admin-api/mp/material/upload-permanent within the Material Upload Interface component. Manipulation of the File argument allows for remote exploitation. The exploit for this issue has been publicly disclosed.

Recommendations Versions prior to 2.4.1 are potentially affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.