Vulnerability Description
A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 6382e177bf90cc56ff70521842409e35c50df32d. It is recommended to upgrade the affected component.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ageerle | Ruoyi-Ai | < 2.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccesExploitThird Party Advisory
- https://github.com/ageerle/ruoyi-ai/commit/6382e177bf90cc56ff70521842409e35c50dfPatch
- https://github.com/ageerle/ruoyi-ai/issues/44#issue-2957771318ExploitIssue Tracking
- https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.1Release Notes
- https://vuldb.com/?ctiid.303156Permissions RequiredVDB Entry
- https://vuldb.com/?id.303156Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.545866Third Party AdvisoryVDB Entry
- https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccesExploitThird Party Advisory
FAQ
What is CVE-2025-3202?
CVE-2025-3202 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/...
How severe is CVE-2025-3202?
CVE-2025-3202 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-3202?
Check the references section above for vendor advisories and patch information. Affected products include: Ageerle Ruoyi-Ai.