Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2025-67342

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can impact all users by exploiting this stored XSS vulnerability.

Published: Dec 12, 2025
Updated: Dec 20, 2025
CVE: CVE-2025-67342
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.6
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ruoyi / ruoyi	-	4.8.1.x

https://github.com/yangzongzhuan/RuoYi/issues/308

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo