CVE-2025-10989 | yangzongzhuan RuoYi up to 4.8.1 selectAll userIds improper authorization

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as critical. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization.

This vulnerability is identified as CVE-2025-10989. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More