CVE-2025-28405

9.8 CRITICAL

📋 TL;DR

A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privileges through the changeStatus method. This affects all systems running the vulnerable version of RUoYi, potentially enabling unauthorized administrative access.

💻 Affected Systems

Products:
  • RUoYi
Versions: v.4.8.0
Operating Systems: Any OS running RUoYi
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of RUoYi v.4.8.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative control, data exfiltration, and potential lateral movement to other systems.

🟠

Likely Case

Unauthorized privilege escalation leading to data manipulation, configuration changes, and further exploitation of the compromised system.

🟢

If Mitigated

Limited impact with proper access controls, network segmentation, and monitoring in place.

🌐 Internet-Facing: HIGH - Remote exploitation capability makes internet-facing instances particularly vulnerable.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this vulnerability to escalate privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access but is straightforward once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v.4.8.1 or later

Vendor Advisory: https://github.com/yangzongzhuan/RuoYi

Restart Required: Yes

Instructions:

1. Backup current configuration and data.
2. Download latest version from official repository.
3. Replace vulnerable files with patched version.
4. Restart application server.
5. Verify functionality.

🔧 Temporary Workarounds

Access Control Restriction

Platform: linux

Restrict access to the changeStatus endpoint using network controls or application firewalls.

# Configure firewall rules to block access to the vulnerable endpoint.
# Replace [app_port] with the port the application listens on.
# Note: the string match only sees plaintext HTTP; it cannot inspect TLS-encrypted traffic,
# and it blocks every request containing "changeStatus", including legitimate admin use.
iptables -A INPUT -p tcp --dport [app_port] -m string --string "changeStatus" --algo bm -j DROP

Authentication Enhancement

Platform: all

Implement additional authentication checks before allowing changeStatus operations.

# Modify application code to add multi-factor authentication for privilege changes

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RUoYi instances
  • Enable detailed logging and monitoring for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check application version in configuration files or via admin interface. Look for version 4.8.0.

Check Version:

grep -r "version" /path/to/ruoyi/config/   # alternatively, check the version shown in the admin dashboard

Verify Fix Applied:

Verify version is updated to 4.8.1 or later. Test changeStatus functionality with non-admin accounts.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to changeStatus method
  • Multiple failed privilege escalation attempts
  • Successful privilege changes from non-admin accounts

Network Indicators:

  • Unusual HTTP POST requests to changeStatus endpoint
  • Traffic patterns indicating privilege escalation attempts

SIEM Query:

source="ruoyi_logs" AND (method="changeStatus" AND user_role!="admin")
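The log indicators and SIEM query above can be exercised offline. The following is an added example, not part of the original advisory or of the RuoYi project: it parses constructed access-log lines (the line format, the user/role fields and the full request path are assumptions, not RuoYi's actual log format) and reports every request to a changeStatus path made by a non-admin role, grouped by user, which is the condition the SIEM query expresses.

```python
import re
from collections import Counter

# Constructed sample log lines (not from a real deployment). The format is an
# assumption: timestamp, authenticated user, role, HTTP method, request path.
# The full path "/system/user/changeStatus" is also an assumption; the page only
# names the changeStatus method, so matching is done on that segment alone.
SAMPLE_LOGS = """\
2025-03-10T09:12:01Z user=alice role=admin POST /system/user/changeStatus
2025-03-10T09:12:05Z user=bob role=user GET /system/user/list
2025-03-10T09:12:09Z user=bob role=user POST /system/user/changeStatus
2025-03-10T09:12:11Z user=bob role=user POST /system/user/changeStatus
2025-03-10T09:13:42Z user=carol role=operator POST /system/user/changeStatus
2025-03-10T09:14:00Z user=alice role=admin GET /system/user/changeStatus
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_non_admin_change_status(lines, admin_roles=frozenset({"admin"})):
    """Return records of changeStatus requests whose role is not an admin role.

    This mirrors the advisory's SIEM query
    (method="changeStatus" AND user_role!="admin"); any HTTP method is reported
    because a successful status change may not be limited to POST.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the scan
        if "changeStatus" in rec["path"] and rec["role"] not in admin_roles:
            hits.append(rec)
    return hits


def count_by_user(hits):
    """Count suspicious changeStatus requests per user (repeat offenders first)."""
    return Counter(h["user"] for h in hits)


def main():
    hits = find_non_admin_change_status(SAMPLE_LOGS.splitlines())
    for h in hits:
        print(f"{h['ts']} {h['user']} ({h['role']}) {h['method']} {h['path']}")
    for user, n in count_by_user(hits).most_common():
        print(f"{user}: {n} non-admin changeStatus request(s)")


if __name__ == "__main__":
    main()
```

On the constructed input the scan flags the three non-admin requests (two from `bob`, one from `carol`) and ignores the admin's calls; in a real deployment the regex and the admin role name would be adapted to the access-log format and role naming actually in use.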
