How CVE-2025-28412 Works
The vulnerability in RuoYi v4.8.0 arises from improper access control in the `/editSave` method of SysNoticeController. An attacker can craft a malicious HTTP request to this endpoint, bypassing authentication checks and gaining elevated privileges. The system fails to validate user roles when processing the request, allowing unauthorized modification of system notices. This flaw enables remote attackers to execute administrative functions, potentially leading to full system compromise. The CVSS 4.0 base score reflects critical severity due to the low attack complexity and high impact on confidentiality, integrity, and availability.
DailyCVE Form:
Platform: RuoYi
Version: 4.8.0
Vulnerability: Privilege Escalation
Severity: Critical
Date: 04/09/2025
What Undercode Say:
Exploitation:
POST /system/notice/editSave HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

notice=Malicious&noticeContent=<payload>&status=0
Detection:
grep -r "editSave" /path/to/ruoyi/source/
curl -I -X POST http://target/system/notice/editSave
Mitigation:
1. Patch to RuoYi v4.8.1 or later.
2. Implement role-based access control (RBAC) for `/editSave`.
3. Add input validation in `SysNoticeController`.
Code Fix:
// Shiro annotation: only subjects holding system:notice:edit may reach this method
@RequiresPermissions("system:notice:edit")
public String editSave(SysNotice notice) {
    // Defence in depth: re-check inside the method in case the annotation interceptor is bypassed or misconfigured
    if (!getSubject().isPermitted("system:notice:edit")) {
        return "error/unauth";
    }
    // Rest of logic
}
Log Analysis:
grep "POST /system/notice/editSave" /logs/access.log
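As an added example (not from the original post or the RuoYi project), the following Python script applies the log check above to constructed sample access-log lines in nginx/Apache combined format and summarises POSTs to the editSave endpoint per client IP. The sample lines, the IP addresses and the Referer heuristic are assumptions for illustration, not data from the advisory.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2025:10:01:12 +0000] "POST /system/notice/editSave HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.2 - - [09/Apr/2025:10:02:30 +0000] "POST /system/notice/editSave HTTP/1.1" 200 512 "http://intranet/system/notice/edit/1" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2025:10:02:45 +0000] "POST /system/notice/editSave HTTP/1.1" 200 512 "-" "python-requests/2.31"
192.0.2.9 - - [09/Apr/2025:10:03:01 +0000] "GET /system/notice/list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.8 - - [09/Apr/2025:10:04:10 +0000] "POST /system/notice/editSave HTTP/1.1" 302 0 "-" "curl/8.4"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TARGET_PATH = "/system/notice/editSave"

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def audit_edit_save(log_text):
    """Per client IP: 'accepted' = 2xx POSTs to editSave (the edit was processed),
    'rejected' = any other status (e.g. 302 redirect to login, 401, 403),
    'no_referer' = accepted edits without a Referer, which a browser submitting
    the notice edit form would normally carry."""
    report = defaultdict(lambda: {"accepted": 0, "rejected": 0, "no_referer": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["path"] != TARGET_PATH:
            continue
        entry = report[rec["ip"]]
        if rec["status"].startswith("2"):
            entry["accepted"] += 1
            if rec["referer"] in ("", "-"):
                entry["no_referer"] += 1
        else:
            entry["rejected"] += 1
    return dict(report)

def flagged_ips(report):
    """IPs whose accepted edits all lacked a Referer: prioritise these for review."""
    return sorted(ip for ip, e in report.items()
                  if e["accepted"] and e["no_referer"] == e["accepted"])
```

Correlate the flagged IPs with the application's own login records, since the access log alone cannot show whether a session held the `system:notice:edit` permission.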
WAF Rule:
location ~ /system/notice/editSave {
    # allow only specific administrative IPs; <ADMIN_IP> is a placeholder
    allow <ADMIN_IP>;
    deny all;
}
Impact Verification:
import requests

# Unauthenticated request: after the fix the server must not process the edit.
# allow_redirects=False keeps a 302 redirect to the login page from being followed
# to a 200 response, which would otherwise make this check pass incorrectly.
response = requests.post(
    "http://target/system/notice/editSave",
    data={"notice": "test"},
    allow_redirects=False,
)
assert response.status_code != 200
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-28412
Extra Source Hub:
Undercode