CVE-2023-27025

HIGH

RuoYi <4.7.6 - Info Disclosure

Title source: llm

Description

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files from the server.

Exploits (1)

gitee 47,892 stars
by y_project · javawriteup
https://gitee.com/y_project/RuoYi/issues/I697Q5

Scores

CVSS v3 7.5
EPSS 0.0014
EPSS Percentile 34.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-494
Status published
Products (2)
com.ruoyi/ruoyi 0 - 4.7.7 (Maven)
ruoyi/ruoyi < 4.7.6
Published Apr 02, 2023
Tracked Since Feb 18, 2026