How severe is CVE-2025-3199?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2025-3199?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2025-3199 - MEDIUM Severity | CVSS 7.3

Vulnerability Description

A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 is able to address this issue. The name of the patch is c0daf641fb25b244591b7a6c3affa35c69d321fe. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2023-3518

HIGH

CVSS:7.3(High)

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

CWE-2662023

CVE-2023-40109

HIGH

CVSS:7.3(High)

In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional exec...

CWE-2662023

CVE-2024-12782

MEDIUM

CVSS:7.3(High)

A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /h...

CWE-2662024

CVE-2024-13030

MEDIUM

CVSS:7.3(High)

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/Se...

CWE-2662024

CVE-2024-13200

MEDIUM

CVSS:7.3(High)

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterc...

CWE-2662024

CVE-2024-45759

HIGH

CVSS:7.3(High)

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially explo...

CWE-2662024