CVE-2025-6466

Name of the Vulnerable Software and Affected Versions: ageerle ruoyi-ai version 2.0.0

Description: A critical issue was found in the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely.

Recommendations: For version 2.0.0, upgrade to version 2.0.1 to address this issue. As a temporary workaround, consider restricting access to the speechToTextTranscriptionsV2/upload function until the upgrade is applied.