CVE-2025-10384 | yangzongzhuan RuoYi up to 4.8.1 Role cancelAll roleId/userIds improper authorization


A vulnerability described as critical has been identified in yangzongzhuan RuoYi up to 4.8.1. It affects an unknown functionality of the file /system/role/authUser/cancelAll in the Role Handler component. Manipulating the argument roleId/userIds can lead to improper authorization.

This vulnerability is tracked as CVE-2025-10384. The attack can be performed remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.