CVE-2025-6925 | Dromara RuoYi-Vue-Plus 5.4.0 Mail MailController.java filePath path traversal

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath leads to path traversal.

This vulnerability is known as CVE-2025-6925. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-6925 | Dromara RuoYi-Vue-Plus 5.4.0 Mail MailController.java filePath path traversal

Post correlati

CVE-2023-38417 | Intel PROSet/Wireless prior 23.20 denial of service (intel-sa-01039)

CVE-2024-7609 | Vidco Software VOC TESTER prior 12.34.8 path traversal

CVE-2025-32897 | Apache Seata up to 2.2.x deserialization

CVE-2022-32204 | Huawei CV81-WDM FW 01.70.49.29.46 denial of service (sa-20220608-01)