
CVE-2025-10384: Improper Authorization in yangzongzhuan RuoYi

Severity: Medium
Tags: Vulnerability, CVE-2025-10384
Published: Sat Sep 13 2025 (09/13/2025, 19:32:06 UTC)
Source: CVE Database V5
Vendor/Project: yangzongzhuan
Product: RuoYi

Description

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/13/2025, 20:00:14 UTC

Technical Analysis

CVE-2025-10384 is a medium-severity improper authorization vulnerability affecting yangzongzhuan RuoYi versions up to 4.8.1. The flaw resides in the Role Handler component, specifically in the /system/role/authUser/cancelAll endpoint. This endpoint processes the arguments roleId and userIds to manage role-user associations. Because the endpoint does not adequately check whether the caller is authorized to act on the given role and users, an attacker with a low-privileged account can remotely manipulate these parameters to perform unauthorized actions, such as revoking or altering user roles without the required permissions. The vulnerability can be exploited over the network by a low-privileged user (PR:L) and does not require any user interaction. The CVSS 4.0 vector indicates no user interaction, no scope change, and a limited impact on confidentiality, integrity, and availability. The vendor was notified but did not respond, and no official patches or mitigations have been published yet. Although no known exploits are currently observed in the wild, a public exploit has been published, which increases the risk of exploitation.

Potential Impact

For European organizations using yangzongzhuan RuoYi, particularly versions 4.8.0 and 4.8.1, this vulnerability poses a significant risk to role-based access control integrity. Unauthorized modification or cancellation of user roles can lead to privilege escalation, unauthorized access to sensitive data, disruption of business processes, and potential compliance violations under GDPR due to improper access controls. The ability to exploit this remotely without user interaction increases the attack surface, especially for organizations exposing the affected endpoints to the internet or internal networks with insufficient segmentation. This could lead to lateral movement within networks, data breaches, or sabotage of critical systems relying on RuoYi for role management. The lack of vendor response and patches further exacerbates the risk, requiring organizations to implement compensating controls promptly.

Mitigation Recommendations

1. Immediately audit all systems running yangzongzhuan RuoYi versions 4.8.0 and 4.8.1 to identify exposure of the /system/role/authUser/cancelAll endpoint.
2. Restrict network access to the affected endpoint using firewalls or network segmentation to limit exposure only to trusted administrators.
3. Implement strict monitoring and alerting on role modification activities, especially those involving bulk role cancellations or unusual user-role changes.
4. Employ Web Application Firewalls (WAF) with custom rules to detect and block suspicious requests targeting the roleId and userIds parameters.
5. If possible, temporarily disable or restrict the functionality of the cancelAll endpoint until a patch is available.
6. Enforce multi-factor authentication and least privilege principles for all users with role management capabilities to reduce the risk of exploitation.
7. Stay updated with vendor communications and apply patches immediately once released.
8. Conduct penetration testing focused on authorization controls within RuoYi to identify any other potential weaknesses.
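The monitoring recommendation above can be started from ordinary web-server access logs. The following is an added example, not code from the advisory or from the RuoYi project: it parses combined-log-style lines, picks out calls to the affected endpoint, extracts roleId and userIds, and flags bulk cancellations and the accounts issuing them. The log format, the sample lines, and the bulk threshold are assumptions of this example; only the endpoint path and parameter names come from the advisory.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter names come from the advisory; the log format, the
# sample lines and the bulk threshold are assumptions of this added example.
TARGET_PATH = "/system/role/authUser/cancelAll"
BULK_THRESHOLD = 3  # flag cancelAll calls touching this many users or more

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]+" (?P<status>\d{3})'
)

# Constructed sample access log (combined-log style); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [13/Sep/2025:19:30:01 +0000] "POST /system/role/authUser/cancelAll?roleId=2&userIds=7 HTTP/1.1" 200 54
10.0.0.9 - bob [13/Sep/2025:19:31:12 +0000] "POST /system/role/authUser/cancelAll?roleId=1&userIds=1,2,3,4,5 HTTP/1.1" 200 54
10.0.0.9 - bob [13/Sep/2025:19:31:13 +0000] "POST /system/role/authUser/cancelAll?roleId=1&userIds=6,7,8 HTTP/1.1" 200 54
10.0.0.5 - admin [13/Sep/2025:19:32:40 +0000] "GET /system/role/list HTTP/1.1" 200 1043
"""

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    qs = parse_qs(parts.query)
    rec["roleId"] = qs.get("roleId", [None])[0]
    ids = qs.get("userIds", [""])[0]
    rec["userIds"] = [u for u in ids.split(",") if u]
    return rec

def find_cancel_all_events(log_text, bulk_threshold=BULK_THRESHOLD):
    """Return (events, per_user_counts) for calls to the affected endpoint."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        # Many userIds in one call is the "bulk role cancellation" pattern to alert on.
        rec["bulk"] = len(rec["userIds"]) >= bulk_threshold
        events.append(rec)
    counts = Counter(e["user"] for e in events)
    return events, counts
```

If the parameters are sent in the POST body rather than the query string, a plain access log will not show them, and the same check must be fed from application-level or WAF request logging instead.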


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-09-12T21:27:05.693Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68c5c9cae14ebf9f5cc889e3

Added to database: 9/13/2025, 7:45:14 PM

Last enriched: 9/13/2025, 8:00:14 PM

Last updated: 9/13/2025, 9:16:12 PM
