Path Traversal Vulnerability in zhijiantianya Ruoyi-Vue-Pro Backend File Upload Interface
CVE-2025-2708

5.4MEDIUM

Key Information:

Vendor: zhijiantianya
Status: Ruoyi-Vue-Pro
Vendor: CVE Published:; 24 March 2025

🔔 Create zhijiantianya Vulnerability Alert

What is CVE-2025-2708?

A path traversal vulnerability exists in the zhijiantianya Ruoyi-Vue-Pro 2.4.1 application, specifically in the Backend File Upload Interface. Malicious users could exploit this weakness to manipulate the argument path, potentially allowing unauthorized access to restricted directories and files. This vulnerability can be exploited remotely, making it a significant concern for users of the affected product. Despite the responsible disclosure of this issue to the vendor, no corrective measures have been implemented to date.

References

https://github.com/uglory-gll/javasec/blob/main/ruoyi-vue...

https://vuldb.com/?ctiid.300729

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2025