Metrics
Affected Vendors & Products
Tue, 26 Aug 2025 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruoyi
Ruoyi ruoyi |
|
Vendors & Products |
Ruoyi
Ruoyi ruoyi |
Mon, 25 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |
Title | lostvip-com ruoyi-go CommonController.go DownloadUpload path traversal | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV2_0
|

Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2025-08-25T20:31:50.515Z
Reserved: 2025-08-25T08:45:01.500Z
Link: CVE-2025-9409

Updated: 2025-08-25T20:31:44.984Z

Status : Awaiting Analysis
Published: 2025-08-25T16:15:32.797
Modified: 2025-08-25T20:24:45.327
Link: CVE-2025-9409

No data.

Updated: 2025-08-26T08:54:56Z