CVE-2023-27025 – com.ruoyi:ruoyi
Package
Manager: maven
Name: com.ruoyi:ruoyi
Vulnerable Version: >=0 <4.7.7
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00066 (percentile: 0.20954)
Details
RuoYi vulnerable to arbitrary file download
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files from the server.
Metadata
Created: 2023-04-02T03:30:16Z
Modified: 2025-07-16T19:24:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-h4c9-rr5m-32fm/GHSA-h4c9-rr5m-32fm.json
CWE IDs: ["CWE-494"]
Alternative ID: GHSA-h4c9-rr5m-32fm
Finding: F086
Auto approve: 1