CVE-2025-28402

9.8 CRITICAL

📋 TL;DR

A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privileges by manipulating the jobId parameter. This affects all systems running the vulnerable version of RUoYi, potentially enabling attackers to compromise administrative functions.

💻 Affected Systems

Products:
  • RUoYi
Versions: v.4.8.0
Operating Systems: Any OS running RUoYi
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects RUoYi version 4.8.0 specifically; other versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover with administrative privileges, allowing data exfiltration, system modification, and further network compromise.

🟠 Likely Case: Unauthorized privilege escalation leading to unauthorized access to sensitive administrative functions and data.

🟢 If Mitigated: Limited impact with proper access controls and monitoring in place, potentially only affecting isolated components.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of initial access but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v.4.8.1 or later

Vendor Advisory: https://github.com/yangzongzhuan/RuoYi

Restart Required: Yes

Instructions:

1. Back up the current installation.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched version.
4. Restart the application server.

🔧 Temporary Workarounds

Parameter Validation (applies to: all)

Implement strict input validation for the jobId parameter to prevent malicious values.

Action: Modify jobId parameter handling to validate against allowed values.

Access Restriction (applies to: all)

Restrict access to vulnerable endpoints using network controls or WAF rules.

Action: Configure the firewall/WAF to block unauthorized access to job-related endpoints.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RUoYi systems
  • Enable detailed logging and monitoring for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the RUoYi version in the application configuration or about page; if the version is exactly 4.8.0, the system is vulnerable.

Check Version:

Check the application configuration file or the web interface for version information.

Verify Fix Applied:

Verify that the version has been updated to 4.8.1 or later, and confirm that jobId parameter manipulation attempts fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Multiple failed authentication attempts followed by successful privileged access
  • Suspicious jobId parameter values in request logs

Network Indicators:

  • Unusual traffic patterns to job-related endpoints
  • Requests with manipulated jobId parameters

SIEM Query:

source="ruoyi_logs" AND (jobId="*malicious*" OR "privilege escalation")
