CVE-2025-70985

9.1 CRITICAL

📋 TL;DR

This vulnerability in RuoYi v4.8.2 allows attackers to modify data they are not authorized to access, because the update function enforces access control improperly. Any organization running the vulnerable version of RuoYi is affected, and sensitive data is potentially exposed to unauthorized modification.

💻 Affected Systems

Products:
  • RuoYi
Versions: v4.8.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of RuoYi v4.8.2. Any deployment using this version is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could modify critical system data, user permissions, or sensitive business information, leading to data integrity loss, privilege escalation, or system compromise.

🟠 Likely Case: Unauthorized users modify data outside their authorized scope, potentially altering configuration settings, user data, or application content.

🟢 If Mitigated: With proper access controls and input validation, impact would be limited to authorized data modifications only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The vulnerability requires some level of access, but a public proof-of-concept is available, making exploitation straightforward for an attacker who already has basic access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check RuoYi repository for latest version

Vendor Advisory: https://gitee.com/y_project/RuoYi/issues/IDIDK2

Restart Required: Yes

Instructions:

1. Check RuoYi repository for latest version
2. Update to patched version
3. Restart application server
4. Verify access controls are properly implemented

🔧 Temporary Workarounds

  • Implement strict access controls (applies to: all): add additional authorization checks before update operations
  • Input validation enhancement (applies to: all): implement strict input validation and parameter checking for update functions
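
An illustration of the first workaround, added here as an example and not code from RuoYi: a service-level guard that performs both a permission check and an ownership check before applying an update, so that a controller-level gap cannot reach the data store. Record, Caller, UpdateGuard and the permission name record:update are hypothetical names chosen for this example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/** Hypothetical stored row; the id comes from the client, the owner only ever from storage. */
record Record(long id, String ownerId, String payload) {}

/** Hypothetical authenticated caller: user id plus the permissions granted server-side. */
record Caller(String userId, Set<String> permissions) {}

public final class UpdateGuard {
    private final Map<Long, Record> store;

    public UpdateGuard(Map<Long, Record> store) { this.store = store; }

    /**
     * Applies the update only after two server-side checks that trust no client-supplied field:
     * 1. the caller holds the permission for this operation (function-level access control), and
     * 2. the stored record belongs to the caller (object-level access control).
     * Denies by default: an unknown id or a failed check raises, never a silent write.
     */
    public Record update(Caller caller, long id, String newPayload) {
        if (!caller.permissions().contains("record:update")) {
            throw new SecurityException("missing permission record:update for " + caller.userId());
        }
        Record current = store.get(id);
        if (current == null) {
            throw new IllegalArgumentException("no such record " + id);
        }
        // Ownership is decided from the stored row, not from anything in the request body.
        if (!Objects.equals(current.ownerId(), caller.userId())) {
            throw new SecurityException(caller.userId() + " may not modify record " + id);
        }
        Record updated = new Record(id, current.ownerId(), newPayload);
        store.put(id, updated);
        return updated;
    }

    public static void main(String[] args) {
        Map<Long, Record> store = new HashMap<>();
        store.put(1L, new Record(1L, "alice", "original"));          // constructed sample row
        UpdateGuard guard = new UpdateGuard(store);
        guard.update(new Caller("alice", Set.of("record:update")), 1L, "changed");   // owner: allowed
        try {
            // bob holds the permission but does not own record 1: the object-level check rejects it
            guard.update(new Caller("bob", Set.of("record:update")), 1L, "hijacked");
        } catch (SecurityException e) {
            System.out.println("denied as expected: " + e.getMessage());
        }
    }
}
```

Run with `java UpdateGuard.java` (single-file mode, Java 16 or later for records).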

🧯 If You Can't Patch

  • Implement network segmentation to isolate RuoYi systems
  • Deploy web application firewall with strict access control rules

🔍 How to Verify

Check if Vulnerable:

Check RuoYi version in application configuration or via version endpoint

Check Version:

Check application.properties or web interface for version information

Verify Fix Applied:

Test update functions with unauthorized user accounts to ensure proper access controls

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized update attempts
  • Failed authorization logs for update operations
  • Suspicious data modification patterns

Network Indicators:

  • Unusual update request patterns
  • Requests bypassing normal authorization flows

SIEM Query:

search 'update' AND ('unauthorized' OR 'access denied') in application logs
