CVE-2025-4537 | yangzongzhuan RuoYi-Vue up to 3.8.9 Password login.vue sensitive information in a cookie

Inserito da Angelo Barbosa | Mag 10, 2025 | CVE

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie.

This vulnerability is handled as CVE-2025-4537. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-4537 | yangzongzhuan RuoYi-Vue up to 3.8.9 Password login.vue sensitive information in a cookie

Post correlati

CVE-2024-21761 | Fortinet FortiPortal up to 7.0.6/7.2.0 improper authorization (FG-IR-24-016)

CVE-2024-28848 | open-metadata OpenMetadata up to 1.2.3 validateExpression code injection

CVE-2024-50449 | RedefiningTheWeb PDF Generator Addon for Elementor Page Builder Plugin cross site scripting

CVE-2024-52506 | Graylog2 Server up to 6.1.1 Reporting information disclosure