cvedb.io
CVE-2025-67342
MEDIUM · CVSS 4.6
EPSS exploitation probability: 0%
Published 2025-12-12T17:15:45.477 · Last modified 2026-06-17T09:57:37.833

Summary

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can impact all users by exploiting this stored XSS vulnerability.

Affected products

ruoyi — ruoyi

Does this affect you?

Add your gear to cvedb and we'll alert you only when ruoyi ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.