High severityNVD Advisory· Published Apr 2, 2023· Updated Feb 18, 2025

CVE-2023-27025

Description

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.ruoyi:ruoyiMaven	< 4.7.7	4.7.7

Affected products

Ruoyi/Ruoyicpe-rescue
ghsa-coords
pkg:maven/com.ruoyi/ruoyi
Range: < 4.7.7

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-h4c9-rr5m-32fmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-27025ghsaADVISORY
gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0ghsaWEB
gitee.com/y_project/RuoYi/issues/I697Q5ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000