Cyber Resilience

CVE-2025-0734

Medium

Published: 27 January 2025

Published
27 January 2025
Modified
13 May 2025
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0024 48.0th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0734 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Ruoyi Ruoyi. Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0734 is a deserialization vulnerability classified as critical in y_project RuoYi versions up to 4.8.0. It affects the getBeanName function within the Whitelist component, stemming from CWE-20 (Improper Input Validation) and CWE-502 (Deserialization of Untrusted Data). The issue enables remote manipulation leading to deserialization.

Attackers require high privileges (PR:H) to exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation results in low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), yielding an overall CVSS v3.1 base score of 4.7 with unchanged scope (S:U).

Advisories note that the vendor was contacted early regarding disclosure but provided no response. A public exploit has been disclosed, including at a GitHub Gist, and may be actively used. Relevant references include VulDB entries at https://vuldb.com/?ctiid.293512, https://vuldb.com/?id.293512, and https://vuldb.com/?submit.482823.

The vulnerability was published on 2025-01-27, with the exploit publicly available shortly after disclosure.

EU & UK References

Vulnerability details

A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been…

more

disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization of untrusted data (CWE-502) in a remotely accessible web component directly enables remote code execution via crafted input, matching exploitation of a public-facing application for initial access or execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-57521Same product: Ruoyi Ruoyi
CVE-2025-70985Same product: Ruoyi Ruoyi
CVE-2025-70986Same product: Ruoyi Ruoyi
CVE-2024-57436Same product: Ruoyi Ruoyi
CVE-2025-0465Shared CWE-20, CWE-502
CVE-2025-2376Shared CWE-20, CWE-502
CVE-2025-1113Shared CWE-20, CWE-502
CVE-2025-2689Shared CWE-20, CWE-502
CVE-2025-1177Shared CWE-20, CWE-502
CVE-2024-13136Shared CWE-20, CWE-502

Affected Assets

ruoyi
ruoyi
≤ 4.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses CWE-20 improper input validation in the Whitelist component's getBeanName function that enables deserialization of untrusted data.

prevent

Provides for identification, reporting, testing, and correction of the specific deserialization flaw in RuoYi up to version 4.8.0.

preventdetect

Integrity-checking mechanisms detect unauthorized changes or tampering in untrusted data prior to deserialization, mitigating CWE-502.

References