CVE-2025-70986

7.5 HIGH

📋 TL;DR

This vulnerability in RuoYi v4.8.2 allows unauthenticated attackers to bypass access controls in the selectDept function and retrieve sensitive department data. Any organization running the vulnerable version of RuoYi is affected, particularly those with internet-facing deployments.

💻 Affected Systems

Products:
  • RuoYi
Versions: v4.8.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only RuoYi v4.8.2 is confirmed affected; other versions may also be vulnerable but not confirmed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could exfiltrate all department data including organizational structure, employee assignments, and potentially sensitive business information, leading to data breach and compliance violations.

🟠

Likely Case

Unauthorized access to department hierarchies and associated metadata, potentially exposing internal organizational structure and relationships.

🟢

If Mitigated

Proper access controls would limit data exposure to authorized users only, preventing unauthorized data access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability appears to be an access control bypass that can be exploited without authentication via the selectDept function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://gitee.com/y_project/RuoYi/issues/IDIDME

Restart Required: No

Instructions:

1. Monitor the RuoYi repository for security updates.
2. Apply any available patches from the official vendor.
3. Test the patch in a non-production environment first.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all platforms)

Restrict network access to the RuoYi application to authorized IP addresses only.

Authentication Enforcement (applies to: all platforms)

Implement an additional authentication layer in front of the selectDept function.

🧯 If You Can't Patch

  • Implement network segmentation to isolate RuoYi from internet access
  • Deploy web application firewall (WAF) with rules to detect and block unauthorized access attempts to department data endpoints

🔍 How to Verify

Check if Vulnerable:

Confirm whether the deployed RuoYi version is 4.8.2 by examining the application version in the admin interface or in configuration files.

Check Version:

Check application.properties or a similar configuration file for version information.

Verify Fix Applied:

After applying any available patch, test whether unauthenticated users can still access department data through the selectDept function.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to selectDept endpoint
  • Multiple failed authentication attempts followed by successful department data access

Network Indicators:

  • Unusual traffic patterns to department data endpoints from unauthenticated sources

SIEM Query:

source="ruoyi-logs" AND (uri="*selectDept*" OR endpoint="*selectDept*") AND (user="anonymous" OR auth_status="failed")

The user/auth_status clause must be parenthesized: without the grouping, the trailing OR binds to the whole expression and every failed authentication in the log, regardless of endpoint, would match.
