Home > Vulnerability Database > CVE-2025-67342

Mend.io Vulnerability Database

CVE-2025-67342

Good to know:

Date: December 12, 2025

RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can impact all users by exploiting this stored XSS vulnerability.

Severity Score

4.6

Related Resources (3)

Url: https://github.com/yangzongzhuan/RuoYi/issues/308

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67342

Url: https://www.mend.io/vulnerability-database/CVE-2025-67342

Severity Score

4.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67342

Good to know:

Date: December 12, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?