CVE-2025-10276 | YunaiV ruoyi-vue-pro up to 2025.09 /crm/contract/transfer id/newOwnerUserId improper authorization

A vulnerability was found in YunaiV ruoyi-vue-pro up to 2025.09. It has been rated as critical. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization.

This vulnerability is referenced as CVE-2025-10276. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More