CVE-2024-57439

4.9 MEDIUM

📋 TL;DR

This vulnerability in RuoYi v4.8.0 lets an authenticated administrator cause a denial of service (DoS) by creating duplicate login names through the reset-password interface. Exploitation requires admin privileges, so the realistic attacker is a malicious insider or someone holding compromised admin credentials. RuoYi is a widely deployed Chinese open-source Java (Spring Boot) back-office management framework.

💻 Affected Systems

Products:
  • RuoYi
Versions: v4.8.0
Operating Systems: All platforms running RuoYi
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires an account that can reach the admin reset-password interface, so exposure is limited to instances whose admin accounts can be compromised or misused. The flaw is specific to the reset-password function.

📦 What is this software?

RuoYi (若依) is an open-source Java back-office management framework built on Spring Boot, MyBatis, Thymeleaf and Bootstrap, maintained by y_project on Gitee. It ships user, role, department and menu (RBAC) management out of the box, including the admin-side password-reset function affected here, and is widely used as the base for Chinese business back-office systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Loss of availability of the RuoYi management interface (the CVSS 4.9 score rates availability impact High), locking legitimate users out and disrupting the business processes run through it.

🟠 Likely Case

Temporary disruption of the RuoYi interface, requiring an administrator to identify and remove the duplicate login names before normal operation resumes.

🟢 If Mitigated

Minimal impact where admin privileges are limited to trusted personnel, protected by strong authentication and monitored.

🌐 Internet-Facing: MEDIUM - Internet-facing RuoYi instances are exposed only once admin credentials are compromised; the flaw is not reachable without admin access.
🏢 Internal Only: MEDIUM - Internal instances are exposed to malicious insiders or compromised admin accounts; privileged access is still required.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin privileges. A public proof of concept demonstrating the duplicate-login-name attack has been published on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.8.1 or later

Vendor Advisory: https://gitee.com/y_project/RuoYi (project repository; check its release notes for the fixing change)

Restart Required: Yes

Instructions:

1. Back up the current RuoYi installation, its configuration and the database.
2. Download v4.8.1 or later from the official repository.
3. Deploy the patched build in place of the vulnerable one (replace the packaged jar/war or rebuild from source).
4. Restart the application server.
5. Verify that the application starts, that the version reads 4.8.1 or later, and that password reset works as expected.

🔧 Temporary Workarounds

Restrict Admin Access

Platform: all

Limit admin privileges to essential, trusted personnel and enforce strong authentication (MFA where available) on admin accounts.

Monitor Password Reset Activity

Platform: all

Log and alert on unusual password-reset patterns (bursts of resets by one operator) and on any attempt to create a duplicate login name.

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for admin accounts
  • Deploy network segmentation to isolate RuoYi systems from critical infrastructure

🔍 How to Verify

Check if Vulnerable:

Check the RuoYi version on the system info page of the admin interface or in the application files. Version 4.8.0 is vulnerable; this advisory lists no other affected version.

Check Version:

RuoYi declares its version as ruoyi.version in ruoyi-admin/src/main/resources/application.yml (it uses YAML, not application.properties); the root pom.xml carries the same version, and the admin interface shows it on the system info page.

Verify Fix Applied:

Confirm the version reads 4.8.1 or later. Then, in a test environment and with admin privileges, run the reset-password flow against a second account using a login name that already exists and confirm it is rejected. Finally, check the sys_user table for duplicate login names that may have been created before patching and clean them up.
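
The checks above, as an added example for this page (not code from the RuoYi project): a version check read from application.yml and a duplicate-login-name check over rows exported from sys_user. It assumes the version key is ruoyi.version in ruoyi-admin/src/main/resources/application.yml and that login names are in sys_user.login_name (the RuoYi 4.x schema); verify both against your deployment. The YAML text and user rows are constructed samples.

```python
"""Verification helpers for CVE-2024-57439 (RuoYi v4.8.0).

Added example for this page, not code from the RuoYi project. Assumptions,
to be checked against your deployment: the version is declared as
ruoyi.version in ruoyi-admin/src/main/resources/application.yml, and login
names live in the login_name column of the sys_user table (RuoYi 4.x
schema). All sample inputs below are constructed.
"""
import re
from collections import defaultdict

# Versions as stated on this page: 4.8.0 vulnerable, 4.8.1 and later fixed.
VULNERABLE_VERSION = (4, 8, 0)
FIXED_FROM = (4, 8, 1)

# Equivalent check to run directly against the database (MySQL syntax).
DUPLICATE_LOGIN_NAME_SQL = (
    "SELECT login_name, COUNT(*) AS n, GROUP_CONCAT(user_id) AS user_ids "
    "FROM sys_user GROUP BY login_name HAVING n > 1"
)


def parse_ruoyi_version(application_yml):
    """Return the value of ruoyi.version from application.yml text, or None.

    A deliberately small scanner: it tracks which top-level key it is under
    and ignores '# ...' comments, so it needs no YAML dependency.
    """
    in_ruoyi = False
    for raw in application_yml.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):  # a top-level key
            in_ruoyi = line.strip() == "ruoyi:"
            continue
        if in_ruoyi:
            m = re.match(r"\s+version:\s*(\S+)", line)
            if m:
                return m.group(1).strip("'\"")
    return None


def version_status(version):
    """'vulnerable', 'patched' or 'unknown' according to this advisory.

    Only 4.8.0 is listed as affected; releases before it are not assessed
    here, so they report 'unknown' rather than 'patched'.
    """
    if version is None:
        return "unknown"
    try:
        parts = tuple(int(p) for p in version.split("."))
    except ValueError:
        return "unknown"
    if parts == VULNERABLE_VERSION:
        return "vulnerable"
    if parts >= FIXED_FROM:
        return "patched"
    return "unknown"


def find_duplicate_login_names(rows):
    """rows: (user_id, login_name) pairs, e.g. the result of
    SELECT user_id, login_name FROM sys_user.

    Returns {login_name: [user_id, ...]} for names present more than once.
    Names are compared case-insensitively after trimming, because MySQL's
    default case-insensitive collation makes 'Admin' and 'admin' collide at
    login lookup; drop casefold() if your column uses a binary collation.
    """
    seen = defaultdict(list)
    for user_id, login_name in rows:
        seen[login_name.strip().casefold()].append(user_id)
    return {name: sorted(ids) for name, ids in seen.items() if len(ids) > 1}


# Constructed samples, not taken from a real system.
SAMPLE_APPLICATION_YML = """\
# Project settings
ruoyi:
  # project name
  name: RuoYi
  # version
  version: 4.8.0
  copyrightYear: 2024

server:
  port: 80
"""

SAMPLE_SYS_USER_ROWS = [
    (1, "admin"),
    (2, "ry"),
    (3, "ops"),
    (4, "ry"),     # second account holding the same login name
    (5, "Admin"),  # collides with 'admin' under a case-insensitive collation
]

if __name__ == "__main__":
    v = parse_ruoyi_version(SAMPLE_APPLICATION_YML)
    print("version:", v, "->", version_status(v))
    print("duplicates:", find_duplicate_login_names(SAMPLE_SYS_USER_ROWS))
```

Run the script against the real application.yml and a `SELECT user_id, login_name FROM sys_user` export; any entry returned by find_duplicate_login_names (or by DUPLICATE_LOGIN_NAME_SQL) needs to be resolved by renaming or removing the extra account, whether or not the patch has already been applied.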

📡 Detection & Monitoring

Log Indicators:

  • Multiple password reset attempts for same user
  • Duplicate login name creation attempts
  • Unusual admin activity patterns

Network Indicators:

  • Increased HTTP requests to password reset endpoints
  • Unusual admin interface access patterns

SIEM Query:

Pseudo-query (adapt field names and the threshold to your log pipeline; RuoYi itself does not emit a fixed "duplicate login" message): source="ruoyi_logs" AND ((event="password_reset" AND count_by_operator_in_10m > threshold) OR message IN ("duplicate login", "username conflict"))
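
The log indicators and pseudo-query above, implemented over RuoYi operation-log rows as an added example for this page (not RuoYi project code). It assumes rows exported from RuoYi's sys_oper_log table with the fields oper_name, oper_url, oper_param and oper_time, and that the reset-password endpoint is the one whose oper_url ends in /resetPwd (a hypothetical path; confirm it against your SysUserController). It raises two kinds of alert: a burst of resets by one operator inside a sliding window, and a reset request that also submits a login name, which is the abuse shape this page describes. The log rows are constructed.

```python
"""Detection over RuoYi sys_oper_log rows for CVE-2024-57439 abuse.

Added example for this page, not RuoYi project code. Assumptions: rows carry
oper_name, oper_url, oper_param (RuoYi's JSON dump of request parameters)
and oper_time ('YYYY-MM-DD HH:MM:SS'); the reset endpoint's URL ends in
'/resetPwd' (hypothetical path). The sample rows are constructed.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

RESET_URL_SUFFIX = "/resetPwd"      # assumption: confirm against your controller
BURST_THRESHOLD = 5                 # resets by one operator ...
BURST_WINDOW = timedelta(minutes=10)  # ... within this window


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def is_reset_op(row):
    return row["oper_url"].rstrip("/").endswith(RESET_URL_SUFFIX)


def login_name_in_params(oper_param):
    """Return the login name submitted with a request, or None.

    oper_param is RuoYi's JSON dump of the request parameters; values may be
    lists (multi-valued form fields) or plain strings, so both are handled.
    Malformed or non-object JSON yields None rather than an exception.
    """
    try:
        params = json.loads(oper_param or "")
    except ValueError:
        return None
    if not isinstance(params, dict):
        return None
    for key, value in params.items():
        if key.lower() in ("loginname", "login_name"):
            if isinstance(value, list):
                value = value[0] if value else None
            return None if value is None else str(value)
    return None


def find_reset_bursts(rows, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Per operator, count reset-password operations in a sliding window.

    Returns {oper_name: peak_count} for operators whose peak reaches the
    threshold. A burst of resets is the 'multiple password reset attempts'
    indicator above, attributed to the admin account that issued them.
    """
    by_operator = defaultdict(list)
    for row in rows:
        if is_reset_op(row):
            by_operator[row["oper_name"]].append(parse_time(row["oper_time"]))
    flagged = {}
    for name, times in by_operator.items():
        times.sort()
        recent = deque()
        peak = 0
        for t in times:
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[name] = peak
    return flagged


def find_resets_carrying_login_name(rows):
    """Reset-password requests that also submit a login name.

    A reset only needs the target user id and the new password; one that
    carries loginName matches the duplicate-login-name abuse described on
    this page. Returns (oper_name, oper_time, login_name) tuples.
    """
    hits = []
    for row in rows:
        if not is_reset_op(row):
            continue
        name = login_name_in_params(row.get("oper_param"))
        if name is not None:
            hits.append((row["oper_name"], row["oper_time"], name))
    return hits


def _row(oper_name, oper_url, oper_param, oper_time):
    return {"oper_name": oper_name, "oper_url": oper_url,
            "oper_param": oper_param, "status": 0, "oper_time": oper_time}


# Constructed sample rows: six resets by 'admin' in under two minutes, one of
# them also submitting loginName; an ordinary edit; one reset by 'ops'.
SAMPLE_OPER_LOG = [
    _row("admin", "/system/user/resetPwd", '{"userId":["3"],"password":["Secret1!"]}', "2025-01-06 09:00:00"),
    _row("admin", "/system/user/resetPwd", '{"userId":["4"],"loginName":["ry"],"password":["Secret1!"]}', "2025-01-06 09:00:20"),
    _row("admin", "/system/user/resetPwd", '{"userId":["5"],"password":["Secret1!"]}', "2025-01-06 09:00:40"),
    _row("admin", "/system/user/resetPwd", '{"userId":["6"],"password":["Secret1!"]}', "2025-01-06 09:01:00"),
    _row("admin", "/system/user/resetPwd", '{"userId":["7"],"password":["Secret1!"]}', "2025-01-06 09:01:20"),
    _row("admin", "/system/user/resetPwd", '{"userId":["8"],"password":["Secret1!"]}', "2025-01-06 09:01:40"),
    _row("admin", "/system/user/edit", '{"userId":["3"],"loginName":["ops2"]}', "2025-01-06 09:05:00"),
    _row("ops", "/system/user/resetPwd", '{"userId":["9"],"password":["Secret1!"]}', "2025-01-06 09:30:00"),
]

if __name__ == "__main__":
    print("reset bursts:", find_reset_bursts(SAMPLE_OPER_LOG))
    print("resets carrying loginName:", find_resets_carrying_login_name(SAMPLE_OPER_LOG))
```

The second detector is the more specific one: a burst of resets can be a legitimate onboarding or incident-response task, while a reset request carrying a login name has no routine explanation and should be investigated together with the sys_user duplicate check.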
