CVE-2025-10278 | YunaiV ruoyi-vue-pro up to 2025.09 /crm/contact/transfer ids/newOwnerUserId improper authorization

A vulnerability identified as critical has been detected in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization.

This vulnerability is tracked as CVE-2025-10278. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More