CVE-2025-28401
📋 TL;DR
A privilege escalation vulnerability in RuoYi v.4.8.0 allows remote attackers to gain elevated privileges by manipulating the menuId parameter. It affects systems running the vulnerable version of RuoYi and can enable unauthorized access to administrative functions.
💻 Affected Systems
- RuoYi
📦 What is this software?
RuoYi by RuoYi
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where an attacker gains administrative control, accesses sensitive data, and executes arbitrary commands.
Likely Case
Unauthorized privilege escalation allowing access to restricted administrative functions and data.
If Mitigated
Limited impact with proper access controls and monitoring in place.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via parameter manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v.4.8.1 or later
Vendor Advisory: https://github.com/yangzongzhuan/RuoYi
Restart Required: Yes
Instructions:
1. Back up the current installation.
2. Download the latest version from GitHub.
3. Replace the vulnerable files.
4. Restart the application server.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation for the menuId parameter to prevent unauthorized values.
Implement the parameter validation in the controller layer.
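One way to implement the controller-layer check described above, as an added example rather than RuoYi's own code: every menuId value submitted with a request is parsed strictly and compared against the set of menus the calling user has actually been granted, and anything outside that set is rejected and written to an audit record. The `Caller` model, the grant data and the audit format are hypothetical.

```python
# Added example, not RuoYi project code. Server-side validation for a menuId
# parameter: reject malformed values and any menu the caller is not granted.
# All names and sample data below are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Caller:
    username: str
    # Menu IDs the caller is permitted to see or assign (hypothetical grant data
    # that a real deployment would load from its permission store).
    granted_menu_ids: frozenset


def parse_menu_ids(raw):
    """Parse a menuId parameter ("1,2,3" or an iterable of values).

    Returns (ids, malformed): ids is the set of positive integers found,
    malformed lists every token that is not a positive integer.
    """
    if isinstance(raw, str):
        tokens = [t.strip() for t in raw.split(",") if t.strip()]
    else:
        tokens = [str(t).strip() for t in raw]
    ids, malformed = set(), []
    for tok in tokens:
        if tok.isdigit() and int(tok) > 0:
            ids.add(int(tok))
        else:
            malformed.append(tok)
    return ids, malformed


def check_menu_ids(caller, raw_menu_ids, audit_log):
    """Validate a submitted menuId parameter for this caller.

    Returns a dict with ok=True and the accepted IDs, or ok=False with the
    rejected IDs and malformed tokens. Every rejection is appended to
    audit_log so the event can be picked up by monitoring.
    """
    requested, malformed = parse_menu_ids(raw_menu_ids)
    rejected = requested - caller.granted_menu_ids
    if malformed or rejected:
        audit_log.append({
            "event": "menuId_rejected",
            "user": caller.username,
            "rejected": sorted(rejected),
            "malformed": malformed,
        })
        return {"ok": False, "accepted": set(), "rejected": rejected,
                "malformed": malformed}
    return {"ok": True, "accepted": requested, "rejected": set(),
            "malformed": []}


if __name__ == "__main__":
    audit = []
    alice = Caller("alice", frozenset({1, 2, 3}))
    print(check_menu_ids(alice, "1,2", audit))      # accepted
    print(check_menu_ids(alice, "1,2,99", audit))   # 99 is outside the grant
    print(audit)
```

The comparison is against the caller's own grants, not against a list of "known bad" values, so a new menu added later is denied by default until it is granted.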
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles
- Monitor and audit all privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check the application version in the configuration files or the admin panel.
Check Version:
Check ruoyi-admin/src/main/resources/application.yml for version info
Verify Fix Applied:
Verify the version is 4.8.1 or later and test that menuId parameter validation rejects unauthorized values.
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation attempts
- Multiple failed authentications followed by a success
Network Indicators:
- Suspicious parameter manipulation in HTTP requests
SIEM Query:
source="web_logs" AND (menuId="*" OR privilege="escalate")
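The log indicators above can be checked offline against web access logs. The following added example (not from the page or the RuoYi project) scans constructed access-log lines, pulls the menuId values out of each request's query string, and flags any request whose menuId values are not among the menus the authenticated user has been granted. The log format, request paths, usernames and grant table are all hypothetical.

```python
# Added example, not RuoYi project code. Detect requests whose menuId values
# lie outside the requesting user's grants. Log format, paths, users and the
# grant table are constructed for illustration.
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Hypothetical per-user grants, as a defender would export them from the
# application's permission store.
GRANTS = {
    "alice": {1, 2, 3},
    "bob": {1},
}

# Constructed sample log lines: <src_ip> <user> "<METHOD> <path?query>" <status>
SAMPLE_LOG = """\
10.0.0.5 alice "POST /example/role/edit?roleId=7&menuId=1,2" 200
10.0.0.9 bob "POST /example/role/edit?roleId=9&menuId=1,2,3,100" 200
10.0.0.9 bob "POST /example/role/edit?roleId=9&menuId=1" 200
10.0.0.9 bob "POST /example/role/edit?roleId=9&menuId=100" 200
10.0.0.7 alice "GET /example/index" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3})$')


def extract_menu_ids(target):
    """Return the set of menuId values in a request target's query string.

    Numeric values become ints; anything else is kept as a string so that a
    non-numeric menuId is itself reported as unexpected.
    """
    values = set()
    for chunk in parse_qs(urlparse(target).query).get("menuId", []):
        for tok in chunk.split(","):
            tok = tok.strip()
            if tok:
                values.add(int(tok) if tok.isdigit() else tok)
    return values


def find_suspicious(log_text, grants):
    """Return one hit per request that references a menu outside the user's grants."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # constructed format only; unparsable lines are skipped
        ip, user, method, target, status = m.groups()
        requested = extract_menu_ids(target)
        if not requested:
            continue
        unexpected = {v for v in requested if v not in grants.get(user, set())}
        if unexpected:
            hits.append({
                "ip": ip,
                "user": user,
                "method": method,
                "status": int(status),
                "unexpected_menu_ids": sorted(unexpected, key=str),
            })
    return hits


def count_by_source(hits):
    """Aggregate hits per (source IP, user) to surface repeated attempts."""
    return Counter((h["ip"], h["user"]) for h in hits)


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOG, GRANTS)
    for h in found:
        print(h)
    print(count_by_source(found))
```

A request is flagged only when it names a menu the user was never granted, which is a narrower condition than the SIEM query's `menuId="*"` and avoids alerting on every ordinary request that carries the parameter; a successful (HTTP 200) flagged request is the case to review first.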