CVE-2025-46175 | y_project RuoYi 4.8.0 SysUserController.java authRole access control

November 26, 2025 Yanac

A vulnerability categorized as critical has been discovered in y_project RuoYi 4.8.0. The affected element is the function authRole of the file SysUserController.java. Such manipulation leads to improper access controls.

This vulnerability is traded as CVE-2025-46175. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-63938 | Tinyproxy up to 1.11.2 src/reqs.c strip_return_port integer overflow
CVE-2025-65239 | OpenCode USSD Gateway OC 6.13.11 /aux1/ocussd/trace access control