CVE-2025-4819 – Y_Project RuoYi Remote Improper Authorization Vulnerability

May 17, 2025

CVE ID : CVE-2025-4819

Published : May 17, 2025, 6:15 a.m. | 2 hours, 52 minutes ago

Description : A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleDesigner Spotlight: Ning Huang

Next Article CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

OpenAI almost shipped ChatGPT with a different name — before a late-night twist

The dog days of JavaScript summer

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Flutter + GitHub Copilot = Your New Superpower

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

CVE-2025-4819 – Y_Project RuoYi Remote Improper Authorization Vulnerability

Google Chrome Now Scans Your PC for Windows 11 Upgrade Eligibility as Windows 10 Nears EOL

CVE-2025-7074 – Vercel Hyper Regular Expression Complexity

Microsoft urges users to ditch Windows 10 for Windows 11 because it’s better in 7 ways

FormBook Returns: Exploiting CVE-2017-0199 via Malicious Excel Attachments in New Phishing Campaign

CVE-2024-53010 – VMware ESXi Memory Corruption Vulnerability

Seagate’s 4TB Xbox Series X|S Expansion Card is $70 off — but only until June 22

CVE-2025-47888 – Jenkins DingTalk Plugin SSL/TLS Certificate Validation Bypass Vulnerability

This charmingly witchy 4-player life sim is one of 2025’s most anticipated indie games (and it’s coming to Xbox Game Pass)

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Enabling Subscriptions in Shopify

CVE-2025-4819 – Y_Project RuoYi Remote Improper Authorization Vulnerability

Related Posts