


Perceptive Security
SOC/SIEM Consultancy

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope.
Published:
22 January 2026 at 23:00:00
Alert date:
23 January 2026 at 21:02:30
Source:
nvd.nist.gov
Enterprise Applications, Identity & Access
CVE-2025-70985 is a critical access control vulnerability in RuoYi v4.8.2, a Java-based enterprise management framework. The vulnerability exists in the update function and allows unauthorized attackers to arbitrarily modify data outside of their permitted scope. This represents a significant security flaw that could allow privilege escalation and unauthorized data manipulation. The vulnerability affects the access control mechanisms that should restrict users to only modify data within their authorized boundaries. Given the widespread use of RuoYi in enterprise environments, this vulnerability poses a high risk to organizational data integrity and security.
Technical details
Mitigation steps:
Affected products:
RuoYi
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-70985
https://gist.github.com/old6ma/1a2dada02656ba9a4730c85f6c765f4f
https://gitee.com/y_project/RuoYi
https://gitee.com/y_project/RuoYi/issues/IDIDK2
https://github.com/yangzongzhuan/RuoYi
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
