CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

Published Dec 9, 2025

https://gist.github.com/Han-tj/74d2ed84ede1909da55090fed410d288

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

Published Dec 9, 2025

https://gist.github.com/Han-tj/74d2ed84ede1909da55090fed410d288

CVSS ScoreHigh

7.5

No packages found

Try adjusting your search terms.

Ecosystem	Package	Version

No packages found

Try adjusting your search terms.

Find vulnerabilities. Fix fast with AI.

CVE-2025-46175

CVE-2025-46175

No packages found

No packages found