Unrated severityOSV Advisory· Published Dec 12, 2025· Updated Dec 12, 2025
CVE-2025-67342
CVE-2025-67342
Description
RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can impact all users by exploiting this stored XSS vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: v2.2, v2.3, v2.4, …
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.