CVE-2025-2040

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-791
View all →

Vulnerability Description

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2025-5325

MEDIUM
CVSS:6.3(Medium)

A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the f...

CWE-7912025

CVE-2023-1076

MEDIUM
CVSS:5.5(Medium)

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devic...

CWE-7912023

CVE-2020-36827

MEDIUM
CVSS:5.4(Medium)

The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.

CWE-7912020

CVE-2023-31172

HIGH
CVSS:7.4(High)

An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be ...

CWE-7912023

CVE-2024-39283

HIGH
CVSS:7.8(High)

Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access...

CWE-7912024

CVE-2025-0716

MEDIUM
CVSS:4.8(Medium)

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form...

CWE-7912025