CVE-2025-46174: Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the rese…

November 26, 2025 • Source: NVD (API) • 20 words, ~1 min read

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.

Related CVEs

CVE-2025-46174

This article is best viewed with JavaScript enabled. Visit: https://10alert.com/article/cve-2025-46174-ruoyi-v480-vulnerable-to-incorrect-access-control-there-i-b6c498e6