CVE-2025-10278 | YunaiV ruoyi-vue-pro up to 2025.09 /crm/contact/transfer ids/newOwnerUserId improper authorization

Inserito da Angelo Barbosa | Set 11, 2025 | CVE

A vulnerability identified as critical has been detected in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization.

This vulnerability is tracked as CVE-2025-10278. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10278 | YunaiV ruoyi-vue-pro up to 2025.09 /crm/contact/transfer ids/newOwnerUserId improper authorization

Post correlati

CVE-2024-44915 | Irfanview 4.67.1.0 EXR File ReadEXR denial of service

CVE-2024-29928 | WP Codeus Advanced Sermons Plugin up to 3.1 on WordPress cross site scripting

CVE-2024-30202 | GNU Emacs up to 29.2 Org Mode Remote Code Execution

CVE-2025-49029 | bitto.kazi Custom Login and Signup Widget Plugin up to 1.0 on WordPress code injection