CVE-2025-0734

4.7 MEDIUM

📋 TL;DR

This vulnerability in RuoYi, up to and including version 4.8.0, allows remote attackers to execute arbitrary code through deserialization in the getBeanName function of the Whitelist component. It can be exploited without authentication, potentially giving an attacker control of the affected system. Organizations running RuoYi 4.8.0 or earlier are at risk.

💻 Affected Systems

Products:
  • y_project RuoYi
Versions: Up to and including 4.8.0
Operating Systems: All platforms running RuoYi
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of RuoYi 4.8.0 and earlier are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to deploy malware, create backdoors, or exfiltrate sensitive data.

🟢 If Mitigated

Limited impact if proper network segmentation and application controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making this easily weaponizable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Monitor the RuoYi project for security updates.
2. Upgrade to a patched version when available.
3. Restart the application after patching.

🔧 Temporary Workarounds

Disable vulnerable endpoint
  • Applies to: all
  • Action: Block or disable the Whitelist component's getBeanName function if not required
  • Notes: Configuration specific to RuoYi deployment

Network segmentation
  • Applies to: all
  • Action: Restrict network access to RuoYi instances
  • Notes: Firewall rules to limit inbound connections

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy web application firewall with deserialization protection rules

🔍 How to Verify

Check if Vulnerable:

Check RuoYi version in application configuration or via version endpoint

Check Version:

Check application.properties or web interface for version information

Verify Fix Applied:

Verify version is above 4.8.0 after patching

📡 Detection & Monitoring

Log Indicators:

  • Unusual deserialization errors
  • Suspicious requests to Whitelist endpoints
  • Unexpected process execution

Network Indicators:

  • Malformed serialized objects in HTTP requests
  • Exploit pattern traffic to RuoYi endpoints

SIEM Query:

source="ruoyi" AND (event="deserialization" OR endpoint="whitelist")
