A vulnerability was found in y_project RuoYi 4.8.0 and classified as critical. This affects the function resetPwd of the file SysUserController.java. Executing manipulation can lead to improper access controls.

This vulnerability is registered as CVE-2025-46174. It is possible to launch the attack remotely. No exploit is available.