CVE-2025-28410

9.8 CRITICAL

📋 TL;DR

A privilege escalation vulnerability in RUoYi v4.8.0 allows an authenticated remote attacker to gain administrative privileges. The cancelAuthUserAll method performs a privileged role-assignment operation without first verifying that the requesting user holds administrative permissions. Every deployment running the vulnerable version is affected.

💻 Affected Systems

Products:
  • RUoYi
Versions: v4.8.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects RUoYi version 4.8.0. Other versions may be unaffected but should be verified.

📦 What is this software?

RuoYi is an open-source Java back-office management framework built on Spring Boot, Apache Shiro, MyBatis and Thymeleaf. It ships with built-in user, role, menu and permission management, which is the area the vulnerable method belongs to.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise: an attacker gains administrative control, can modify all user permissions, access sensitive data, and potentially execute arbitrary code.

🟠 Likely Case

Unauthorized privilege escalation allowing an attacker to modify user roles, access administrative functions, and potentially pivot to other systems.

🟢 If Mitigated

Limited impact with proper network segmentation and least-privilege account management, though administrative functions remain at risk from any account that can reach the endpoint.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing, and exploitation needs only network access plus a valid (non-administrative) account.
🏢 Internal Only: HIGH - Internal users or any compromised account can exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (a valid account is required)
Complexity: LOW

Exploitation requires an authenticated account but minimal technical skill: the attacker simply invokes the method that lacks the permission check. Public references suggest exploit details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check RUoYi repository for latest version > 4.8.0

Vendor Advisory: https://github.com/yangzongzhuan/RuoYi

Restart Required: Yes

Instructions:

1. Back up the current installation (application files and database).
2. Download the latest RUoYi release from the official repository and confirm it postdates 4.8.0.
3. Replace the vulnerable files with the patched version.
4. Restart the application server.
5. Verify functionality, including that the cancelAuthUserAll method now rejects non-administrative callers.

🔧 Temporary Workarounds

Disable the cancelAuthUserAll endpoint (applies to: all platforms)

Temporarily disable or restrict access to the vulnerable method at the web server, reverse proxy or application layer. The method name is not necessarily the URL path: confirm the actual request mapping of cancelAuthUserAll in the role controller source before writing a block rule, otherwise the rule will match nothing.

Add an authorization layer in front of administrative functions (applies to: all platforms)

Implement a servlet filter or Spring interceptor that verifies the caller holds administrative privileges before the handler method executes. This enforces the check the method itself omits, and covers the endpoint even if its path changes between releases.
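
The following servlet filter is an added illustration of the second workaround; it is not RuoYi project code. It refuses requests to a configured set of paths unless the caller is an administrator, so a controller method that omitted its own check is still protected. The protected path, the `isAdmin` session attribute and the `sessionFlagSaysAdmin` helper are assumptions for the example; the real request path of cancelAuthUserAll must be taken from the controller's request mapping, and the admin decision should come from the application's security context (RuoYi uses Apache Shiro), never from a request parameter. The `javax.servlet` package matches the Spring Boot 2.x line that RuoYi 4.x is built on.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import java.util.function.Predicate;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Illustrative filter, not RuoYi project code: rejects requests to a set of
 * privileged paths unless the caller is recognised as an administrator.
 * Because it runs before any controller, it covers a handler method that
 * omitted its own authorization check, which is the defect described above.
 */
public class AdminOnlyPathFilter implements Filter {

    /** Request paths (context path stripped) that only administrators may call. */
    private final Set<String> protectedPaths;

    /** Decides whether the current request comes from an administrator. */
    private final Predicate<HttpServletRequest> isAdmin;

    public AdminOnlyPathFilter(Set<String> protectedPaths,
                               Predicate<HttpServletRequest> isAdmin) {
        this.protectedPaths = protectedPaths;
        this.isAdmin = isAdmin;
    }

    /** True when the request targets a protected path; the query string is ignored. */
    public boolean isProtected(HttpServletRequest request) {
        String path = request.getRequestURI();
        String ctx = request.getContextPath();
        if (ctx != null && !ctx.isEmpty() && path.startsWith(ctx)) {
            path = path.substring(ctx.length());
        }
        return protectedPaths.contains(path);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (isProtected(request) && !isAdmin.test(request)) {
            // Deny before the controller runs; unauthenticated callers (no session)
            // and authenticated non-admins are both rejected the same way.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {
        // Nothing to read: paths and the admin predicate arrive via the constructor.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Assumed admin test for this example: the login code stores a Boolean
     * "isAdmin" attribute in the session. The attribute name is an assumption,
     * not a RuoYi field. A real deployment should ask the framework's security
     * context (the Shiro subject) and never trust a request parameter.
     */
    public static boolean sessionFlagSaysAdmin(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        return Boolean.TRUE.equals(session.getAttribute("isAdmin"));
    }

    /** Example wiring; realPath is a placeholder for the controller's actual mapping. */
    public static AdminOnlyPathFilter forCancelAuthUserAll(String realPath) {
        return new AdminOnlyPathFilter(Collections.singleton(realPath),
                                       AdminOnlyPathFilter::sessionFlagSaysAdmin);
    }
}
```

In a Spring Boot application the filter can be registered through a `FilterRegistrationBean`, with the protected path as its URL pattern so that no other request pays for the check. Keep the filter in place after patching as defence in depth; it costs one string comparison per request.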

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the RUoYi application at all
  • Reduce the number of accounts that can log in, since exploitation requires an authenticated session
  • Enable detailed logging of role and permission changes, alert on them, and review the logs regularly

🔍 How to Verify

Check if Vulnerable:

Check the application version in the project configuration or via the version shown in the web interface. If the version is 4.8.0, the system is vulnerable.

Check Version:

RuoYi declares its version in the project pom.xml and in application.yml (the ruoyi.version key); check whichever is present in your deployment.

Verify Fix Applied:

After patching, authenticate as a non-administrative account and invoke the cancelAuthUserAll method directly. A fixed system must reject the request (an authorization error rather than success) and leave the role assignments unchanged; confirm the latter in the database or the role management UI.

📡 Detection & Monitoring

Log Indicators:

  • Successful calls to the cancelAuthUserAll method by accounts that are not administrators (a patched system should log a denial instead)
  • Repeated calls to the method from the same account in a short window
  • Role assignments of administrative accounts removed, or non-administrative accounts acquiring admin roles, without a matching change ticket

Network Indicators:

  • HTTP requests to the cancelAuthUserAll endpoint from sessions that do not belong to known administrators (the caller's role is not visible on the wire, so this requires correlating the session or user with the application's user table)
  • Unusual patterns of administrative function access, such as new source addresses or off-hours activity

SIEM Query (field names are placeholders; map them to your log schema):

source="ruoyi_app" uri="/cancelAuthUserAll" NOT user_role="admin"

Replace the uri value with the method's actual request path from the controller mapping. Searching the message text for the phrase "privilege escalation" is not useful, because the application does not log the attack under that name; search for the endpoint and the role-change events instead.
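
The detector below is an added example, not RuoYi code or a vendor-supplied rule, showing how the indicators above translate into detection logic. It consumes constructed key=value events (the sample lines are made up for this example) that an application audit log or proxy log could be normalised into, and raises alerts for a call to the protected path by a non-admin, a role change performed by a non-admin, and repeated attempts by one actor. The path constant and the field names are assumptions: a plain web-server access log usually carries no role, so that field must come from the application's own audit log or be joined from the user table.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Example detector (not RuoYi code) for the log indicators listed above.
 * Input: one event per line in a constructed key=value format. Rules:
 *  1. a request to the protected path by a caller whose role is not "admin";
 *  2. a role-change event whose actor is not "admin";
 *  3. any actor who triggers rules 1 or 2 at least `threshold` times.
 */
public class PrivEscLogScan {

    /** Placeholder: replace with the real request path of cancelAuthUserAll. */
    static final String PROTECTED_PATH = "/cancelAuthUserAll";

    /** Parse "k=v k2=v2 ..." into a map; tokens without '=' are ignored. */
    static Map<String, String> parse(String line) {
        Map<String, String> kv = new HashMap<>();
        for (String tok : line.trim().split("\\s+")) {
            int eq = tok.indexOf('=');
            if (eq > 0) {
                kv.put(tok.substring(0, eq), tok.substring(eq + 1));
            }
        }
        return kv;
    }

    /** Returns an alert string for a suspicious event, or null when benign. */
    static String evaluate(String line) {
        Map<String, String> e = parse(line);
        String actor = e.getOrDefault("user", "?");
        boolean nonAdmin = !"admin".equals(e.getOrDefault("role", "?"));

        if (PROTECTED_PATH.equals(e.get("path")) && nonAdmin) {
            // status=200 here is the telltale: a patched system answers 403.
            return "privileged-endpoint-by-non-admin user=" + actor
                 + " status=" + e.getOrDefault("status", "?");
        }
        if ("role_change".equals(e.get("event")) && nonAdmin) {
            return "role-change-by-non-admin user=" + actor
                 + " target=" + e.getOrDefault("target", "?")
                 + " new_role=" + e.getOrDefault("new_role", "?");
        }
        return null;
    }

    /** Scan all lines; returns per-event alerts plus a summary for repeat offenders. */
    static List<String> scan(List<String> lines, int threshold) {
        List<String> alerts = new ArrayList<>();
        Map<String, Integer> perActor = new HashMap<>();
        for (String line : lines) {
            String alert = evaluate(line);
            if (alert != null) {
                alerts.add(alert);
                perActor.merge(parse(line).getOrDefault("user", "?"), 1, Integer::sum);
            }
        }
        for (Map.Entry<String, Integer> hit : perActor.entrySet()) {
            if (hit.getValue() >= threshold) {
                alerts.add("repeated-attempts user=" + hit.getKey() + " count=" + hit.getValue());
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed sample events for the example; these are not real logs.
        List<String> sample = Arrays.asList(
            "ts=2025-03-12T10:15:01Z user=admin role=admin method=POST path=/cancelAuthUserAll status=200",
            "ts=2025-03-12T10:16:40Z user=bob role=user method=POST path=/cancelAuthUserAll status=200",
            "ts=2025-03-12T10:16:41Z user=bob role=user method=POST path=/cancelAuthUserAll status=200",
            "ts=2025-03-12T10:17:02Z user=bob role=user event=role_change target=bob new_role=admin",
            "ts=2025-03-12T10:18:00Z user=carol role=user method=GET path=/index status=200"
        );
        for (String alert : scan(sample, 2)) {
            System.out.println("ALERT " + alert);
        }
    }
}
```

On the sample input the admin's own call and carol's page view are ignored, bob's two successful calls and his self-promotion each produce an alert, and the repeat rule fires for bob with a count of three. Tune the threshold to the legitimate rate of role edits in your environment.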
