Privilege Escalation Vulnerability in Ruoyi by Y Project
CVE-2025-56396

8.8HIGH

Key Information:

Vendor: Y Project
Status: Ruoyi
Vendor: CVE Published:; 26 November 2025

What is CVE-2025-56396?

A vulnerability exists in Ruoyi version 4.8.1 that allows attackers to gain escalated privileges through improper handling of access rights. Specifically, the issue arises when the owning department possesses higher rights than the currently active user. This misconfiguration can be exploited to grant unauthorized users elevated permissions, compromising system integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://gitee.com/y_project/RuoYi/issues/ICJ865

https://gist.github.com/Han-tj/22cfd18fa9f116bb886e8e5678...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2025
Vulnerability Reserved
Aug 16, 2025

JSON

Y Project

What is CVE-2025-56396?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.