CVE-2025-0734

MEDIUM

y_project RuoYi <4.8.0 - Deserialization

Title source: llm

Description

A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Scores

CVSS v3 4.7
EPSS 0.0024
EPSS Percentile 47.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-502 CWE-20
Status published

Affected Products (1)

ruoyi/ruoyi < 4.8.0

Timeline

Published Jan 27, 2025
Tracked Since Feb 18, 2026