Privilege Escalation Vulnerability in Ruoyi by Y Project
CVE-2025-56396

8.8 HIGH

Key Information:

Vendor: Y Project

CVE Published: 26 November 2025

What is CVE-2025-56396?

Ruoyi version 4.8.1 contains a privilege escalation vulnerability caused by improper handling of access rights. The issue arises when the owning department possesses higher rights than the currently active user. An attacker can exploit this to grant unauthorized users elevated permissions, compromising system integrity and security.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
