VYPR
Medium severity6.3NVD Advisory· Published Sep 10, 2025· Updated Jun 17, 2026

CVE-2025-10218

CVE-2025-10218

Description

A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

2
  • Lostvip/Ruoyi Go2 versions
    cpe:2.3:a:lostvip:ruoyi-go:2.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:lostvip:ruoyi-go:2.1:*:*:*:*:*:*:*
    • (no CPE)range: =2.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.