PT-2025-4026 · Unknown · Y Project Ruoyi

Gsbp · Published 2025-01-27 · Updated 2025-05-13 · CVE-2025-0734

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.8.0

Description: A critical issue has been found in the Whitelist component, specifically affecting the getBeanName function. This issue leads to deserialization and can be initiated remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations: y project RuoYi versions up to 4.8.0: Update the Whitelist component to prevent deserialization attacks by fixing the getBeanName function.

Exploit

Fix

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers: CVE-2025-0734

Affected Products: Y Project Ruoyi