PT-2025-27469 · Dromara · Dromara Ruoyi-Vue-Plus

Shenxiusecurity · Published 2025-06-30 · Updated 2025-06-30 · CVE-2025-6925

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Dromara RuoYi-Vue-Plus version 5.4.0
Description: A critical issue has been discovered, affecting an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the filePath argument leads to path traversal. This issue can be exploited remotely.
Recommendations: For Dromara RuoYi-Vue-Plus version 5.4.0, as a temporary workaround, consider restricting access to the Mail Handler component to minimize the risk of exploitation. Avoid using the filePath argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-6925

Affected Products: Dromara Ruoyi-Vue-Plus