


Perceptive Security
SOC/SIEM Consultancy

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.
Published:
22 January 2026 at 23:00:00
Alert date:
23 January 2026 at 21:02:30
Source:
nvd.nist.gov
Enterprise Applications, Identity & Access
CVE-2025-70986 is an incorrect access control vulnerability in the selectDept function of RuoYi v4.8.2. This security flaw allows unauthorized attackers to arbitrarily access sensitive department data without proper authentication or authorization. The vulnerability affects the popular RuoYi framework, which is widely used for enterprise application development. The issue has been documented with proof-of-concept code and is being tracked in the project's issue tracker. Organizations using RuoYi v4.8.2 should assess their exposure and consider upgrading to a patched version when available.
Technical details
Affected products:
RuoYi
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-70986
https://gist.github.com/old6ma/779320a98f361c299ca024521cb72db6
https://gitee.com/y_project/RuoYi
https://gitee.com/y_project/RuoYi/issues/IDIDME
https://github.com/yangzongzhuan/RuoYi
This article was created with the assistance of AI technology by Perceptive.
