Vulnerability Description
A vulnerability classified as critical was found in ageerle ruoyi-ai up to 2.0.1. It affects unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java in the API Interface component. The manipulation leads to improper authorization, and the attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 addresses this issue. The patch is named c0daf641fb25b244591b7a6c3affa35c69d321fe. Upgrading the affected component is recommended.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pandarobot | Ruoyi Ai | < 2.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAcces (Exploit, Third Party Advisory)
- https://github.com/ageerle/ruoyi-ai/issues/43 (Exploit, Issue Tracking)
- https://github.com/ageerle/ruoyi-ai/issues/43#issuecomment-2763091490 (Issue Tracking)
- https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.2 (Release Notes)
- https://github.com/gwozai/ruoyi-ai/commit/c0daf641fb25b244591b7a6c3affa35c69d321 (Patch)
- https://vuldb.com/?ctiid.303152 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.303152 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.545830 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-3199?
CVE-2025-3199 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoy...
How severe is CVE-2025-3199?
CVE-2025-3199 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-3199?
Check the references section above for vendor advisories and patch information. Affected products include: Pandarobot Ruoyi Ai.