How severe is CVE-2025-3202?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2025-3202?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2025-3202 - MEDIUM Severity | CVSS 7.3

Vulnerability Description

A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 6382e177bf90cc56ff70521842409e35c50df32d. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2023-3518

HIGH

CVSS:7.3(High)

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

CWE-2662023

CVE-2023-40109

HIGH

CVSS:7.3(High)

In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional exec...

CWE-2662023

CVE-2024-12782

MEDIUM

CVSS:7.3(High)

A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /h...

CWE-2662024

CVE-2024-13030

MEDIUM

CVSS:7.3(High)

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/Se...

CWE-2662024

CVE-2024-13200

MEDIUM

CVSS:7.3(High)

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterc...

CWE-2662024

CVE-2024-45759

HIGH

CVSS:7.3(High)

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially explo...

CWE-2662024