Vulnerability Description
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruoyi | Ruoyi | <= 4.7.6 |
Related Weaknesses (CWE)
References
- https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02bPermissions Required
- https://gitee.com/y_project/RuoYi/issues/I697Q5ExploitIssue Tracking
- https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02bPermissions Required
- https://gitee.com/y_project/RuoYi/issues/I697Q5ExploitIssue Tracking
FAQ
What is CVE-2023-27025?
CVE-2023-27025 is a vulnerability with a CVSS score of 7.5 (HIGH). An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
How severe is CVE-2023-27025?
CVE-2023-27025 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-27025?
Check the references section above for vendor advisories and patch information. Affected products include: Ruoyi Ruoyi.