Home > Vulnerability Database > CVE-2025-6466

Mend.io Vulnerability Database

CVE-2025-6466

Date: June 22, 2025

A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as 4e93ac86d4891c59ecfcd27c051de9b3c5379315. It is recommended to upgrade the affected component.

Severity Score

9.1

Related Resources (9)

Url: https://github.com/ageerle/ruoyi-ai/issues/9#event-16775988438

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6466

Url: https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.1

Url: https://vuldb.com/?id.313574

Url: https://vuldb.com/?submit.598365

Url: https://vuldb.com/?ctiid.313574

Url: https://github.com/ageerle/ruoyi-ai/issues/9

Url: https://github.com/ageerle/ruoyi-ai/commit/4e93ac86d4891c59ecfcd27c051de9b3c5379315

Url: https://www.mend.io/vulnerability-database/CVE-2025-6466

Severity Score

9.1

Weakness Type (CWE)

Improper Access Control

CWE-284

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6466

Date: June 22, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?