CVE-2025-9413
Last modified
CVE-2025-9413 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lostvip | Ruoyi-Go | <= 2.1 |
References
- https://github.com/on-theway/cve/issues/8Broken Link
- https://github.com/on-theway/cve/issues/9Broken Link
- https://vuldb.com/?ctiid.321254Permissions Required, VDB Entry
- https://vuldb.com/?id.321254Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.633730Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.633731Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-9413?
How severe is CVE-2025-9413?
How do I fix CVE-2025-9413?
Are you affected by CVE-2025-9413?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST