CVE-2025-56396 · HIGH 8.8 · EPSS p18.8%

Description

An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.27% probability of exploitation · percentile 18.8% · 2026-06-19T12:03:05Z
Published: 2025-11-26
Last modified: 2025-12-04

Underlying weaknesses · 1

CWE-284

References

  1. https://gist.github.com/Han-tj/22cfd18fa9f116bb886e8e56782f6865
  2. https://gitee.com/y_project/RuoYi/issues/ICJ865

Type: Weakness
Target: Improper Access Control (cwe-284)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-28405
CVE-2025-28408
CVE-2025-28410
CVE-2025-28406
CVE-2025-28412
CVE-2025-28413

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.