Unrated severityOSV Advisory· Published Jan 8, 2026· Updated Jan 8, 2026
CVE-2025-66916
CVE-2025-66916
Description
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: v5.0.0, v5.1.0, v5.2.1, …
- Range: <=5.5.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.