ByteOS Network

Vulnerability Details :

CVE-2025-4819

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-17 May, 2025 | 06:00

Updated At-19 May, 2025 | 15:24

y_project RuoYi Offline Logout batchForceLogout improper authorization

A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:17 May, 2025 | 06:00

Updated At:19 May, 2025 | 15:24

▼CVE Numbering Authority (CNA)

y_project RuoYi Offline Logout batchForceLogout improper authorization

Affected Products

Vendor

Ruoyi

Product

RuoYi

Modules

Offline Logout

Versions

Affected

4.8.0

Problem Types

Type	CWE ID	Description
CWE	CWE-285	Improper Authorization
CWE	CWE-266	Incorrect Privilege Assignment

Type: CWE

CWE ID: CWE-285

Description: Improper Authorization

Type: CWE

CWE ID: CWE-266

Description: Incorrect Privilege Assignment

Metrics

Version	Base score	Base severity	Vector
4.0	2.3	LOW	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.1	3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
3.0	3.1	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
2.0	2.1	N/A	AV:N/AC:H/Au:S/C:N/I:N/A:P

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Version: 3.0

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Version: 2.0

Base score: 2.1

Base severity: N/A

Vector:

AV:N/AC:H/Au:S/C:N/I:N/A:P

Credits

reporter

Unnlucky1 (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-05-16 00:00:00
VulDB entry created	2025-05-16 02:00:00
VulDB entry last update	2025-05-16 11:14:05

Event: Advisory disclosed

Date: 2025-05-16 00:00:00

Event: VulDB entry created

Date: 2025-05-16 02:00:00

Event: VulDB entry last update

Date: 2025-05-16 11:14:05

References

Hyperlink	Resource
https://vuldb.com/?id.309276	vdb-entry technical-description
https://vuldb.com/?ctiid.309276	signature permissions-required
https://vuldb.com/?submit.574443	third-party-advisory
https://github.com/chujianxin0101/vuln/issues/4	exploit issue-tracking

Hyperlink: https://vuldb.com/?id.309276

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.309276

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.574443

Resource:

third-party-advisory

Hyperlink: https://github.com/chujianxin0101/vuln/issues/4

Resource:

exploit

issue-tracking

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:17 May, 2025 | 06:15

Updated At:19 May, 2025 | 13:35

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.3	LOW	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary	2.0	2.1	LOW	AV:N/AC:H/Au:S/C:N/I:N/A:P

Type: Secondary

Version: 4.0

Base score: 2.3

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Type: Secondary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:N/AC:H/Au:S/C:N/I:N/A:P

Weaknesses

CWE ID	Type	Source
CWE-266	Primary	cna@vuldb.com
CWE-285	Primary	cna@vuldb.com

CWE ID: CWE-266

Type: Primary

Source: cna@vuldb.com

CWE ID: CWE-285

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/chujianxin0101/vuln/issues/4	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.309276	cna@vuldb.com	N/A
https://vuldb.com/?id.309276	cna@vuldb.com	N/A
https://vuldb.com/?submit.574443	cna@vuldb.com	N/A

Hyperlink: https://github.com/chujianxin0101/vuln/issues/4

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.309276

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.309276

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.574443

Source: cna@vuldb.com

Resource: N/A

CVE-2025-4819

Credits

y_project RuoYi Offline Logout batchForceLogout improper authorization

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs