exploitDog

CVE-2025-2040

Опубликовано: 06 мар. 2025

Источник: nvd

CVSS3: 6.3

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/uglory-gll/javasec/blob/main/ruoyi-vue-pro.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.298783
Permissions Required
VDB Entry
https://vuldb.com/?id.298783
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.512574
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iocoder:ruoyi-vue-pro:2.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00115

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-791

Связанные уязвимости

GHSA-hv2c-wf43-5v98

CVSS3: 6.3

github

11 месяцев назад

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 31%

0.00115

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-791