CVE-2025-10384: Improper Authorization in yangzongzhuan RuoYi

Severity: Medium
Published: Sat Sep 13 2025 (09/13/2025, 19:32:06 UTC)
Source: CVE Database V5
Vendor/Project: yangzongzhuan
Product: RuoYi

Description

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed remotely. An exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/21/2025, 00:39:15 UTC

Technical Analysis

CVE-2025-10384 is a medium severity vulnerability affecting yangzongzhuan's RuoYi software versions up to 4.8.1. The flaw resides in the Role Handler component, specifically in the /system/role/authUser/cancelAll endpoint, which processes requests carrying the roleId and userIds arguments. Because the endpoint's authorization checks are insufficient, an attacker holding a low-privilege account (some level of authentication is required, but no user interaction) can remotely manipulate role assignments or removals without the permissions that should be required. The CVSS 4.0 vector records a network attack vector, low privileges required (PR:L), no user interaction, and partial impact on confidentiality, integrity, and availability. The vendor has been contacted but has not responded or issued a patch; proof-of-concept exploits have been published, although no exploitation in the wild has been observed so far. The flaw could allow unauthorized privilege escalation or unauthorized role modifications, leading to unauthorized access or disruption of role-based access controls within affected systems.

Potential Impact

For European organizations using RuoYi versions 4.8.0 or 4.8.1, this vulnerability poses a risk to the integrity and confidentiality of role-based access control mechanisms. Attackers exploiting this flaw could alter user roles or revoke role assignments improperly, potentially granting themselves or others unauthorized privileges or removing legitimate access. This can lead to unauthorized data access, privilege escalation, or disruption of business processes relying on role-based permissions. Given that RuoYi is an open-source Java-based rapid development platform popular in some enterprise environments, organizations relying on it for internal management or web applications could face increased risk of insider threat exploitation or external attackers gaining footholds. The medium severity rating suggests moderate impact, but the lack of vendor response and patch availability increases risk exposure. European organizations with sensitive data or regulatory obligations (e.g., GDPR) must consider the potential for data breaches or compliance violations if unauthorized access occurs.

Mitigation Recommendations

1. Immediate mitigation should include restricting network access to the /system/role/authUser/cancelAll endpoint via firewall rules or web application firewalls (WAF) to trusted IPs only.
2. Implement strict monitoring and logging of role modification activities to detect anomalous or unauthorized changes.
3. Enforce multi-factor authentication and least privilege principles to limit the impact of compromised low-privilege accounts.
4. If possible, upgrade to a version of RuoYi that addresses this vulnerability once available, or apply community-provided patches after thorough testing.
5. Conduct internal audits of user roles and permissions to identify and remediate any unauthorized changes.
6. Employ runtime application self-protection (RASP) tools to detect and block exploitation attempts targeting this endpoint.
7. Educate development and operations teams about this vulnerability to ensure rapid response and patch management once a fix is released.
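Recommendations 1 and 2 above (trusted-source restriction and monitoring of role changes) can be exercised against access logs. The script below is an added example, not code from this page or from the RuoYi project: it scans constructed log lines for requests to the cancelAll endpoint and flags three conditions a defender would want raised, namely an actor without the role-editing permission, a source address outside an allow-list, and an unusually large userIds batch. The log format, the user-to-permission table, the "system:role:edit" permission string, the trusted network range and the bulk threshold are all assumptions made for the example.

```python
"""Flag suspicious requests to the RuoYi role-cancel endpoint in access logs.

Added example; not part of the advisory or of the RuoYi code base. Every
name, permission string, address range and log line below is constructed.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set
from urllib.parse import parse_qs

ENDPOINT = "/system/role/authUser/cancelAll"

# Hypothetical: networks from which role administration is expected.
TRUSTED_NETS = [ip_network("10.0.0.0/8")]

# Hypothetical: permission an actor must hold to remove role assignments.
REQUIRED_PERMISSION = "system:role:edit"
USER_PERMISSIONS: Dict[str, Set[str]] = {
    "admin": {"system:role:edit", "system:user:edit"},
    "helpdesk": {"system:user:list"},
}

# Hypothetical: more than this many userIds in one request is treated as bulk.
BULK_THRESHOLD = 5

# Constructed log format: <client ip> <authenticated user> "<METHOD> <path>[?query]"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) '
    r'(?P<path>[^ ?"]+)(?:\?(?P<query>[^ "]*))?"$'
)


@dataclass
class Finding:
    line_no: int
    user: str
    ip: str
    reasons: List[str]


def analyze(lines: List[str]) -> List[Finding]:
    """Return one Finding per cancelAll request that trips any check."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        match = LOG_RE.match(line.strip())
        if not match or match.group("path") != ENDPOINT:
            continue  # not a hit on the endpoint of interest
        user, ip = match.group("user"), match.group("ip")
        params = parse_qs(match.group("query") or "")
        reasons: List[str] = []

        # Check 1: the actor should hold the role-editing permission.
        if REQUIRED_PERMISSION not in USER_PERMISSIONS.get(user, set()):
            reasons.append(f"actor lacks {REQUIRED_PERMISSION}")

        # Check 2: the request should come from a trusted network.
        if not any(ip_address(ip) in net for net in TRUSTED_NETS):
            reasons.append("source outside trusted networks")

        # Check 3: mass revocation is unusual and worth a second look.
        user_ids = [u for u in params.get("userIds", [""])[0].split(",") if u]
        if len(user_ids) > BULK_THRESHOLD:
            reasons.append(f"bulk revocation of {len(user_ids)} users")

        if reasons:
            findings.append(Finding(line_no, user, ip, reasons))
    return findings


# Constructed sample log: one legitimate change, two that should be flagged.
SAMPLE_LOG = [
    '10.0.0.5 admin "POST /system/role/authUser/cancelAll?roleId=2&userIds=7"',
    '203.0.113.9 helpdesk "POST /system/role/authUser/cancelAll?roleId=1&userIds=1,2,3,4,5,6"',
    '10.0.0.7 helpdesk "GET /system/user/list"',
    '10.0.0.8 admin "POST /system/role/authUser/cancelAll?roleId=2&userIds=9,10,11,12,13,14,15"',
]


def run_sample() -> List[Finding]:
    return analyze(SAMPLE_LOG)


if __name__ == "__main__":
    for f in run_sample():
        print(f"line {f.line_no}: user={f.user} ip={f.ip} -> {'; '.join(f.reasons)}")
```

In this sample the first request passes all three checks, the second trips all three, and the fourth is flagged only for batch size. In a real deployment the permission table would come from the application's role store and the log parser would match the server's actual access-log layout; the checks themselves stay the same.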


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-09-12T21:27:05.693Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68c5c9cae14ebf9f5cc889e3

Added to database: 9/13/2025, 7:45:14 PM

Last enriched: 9/21/2025, 12:39:15 AM

Last updated: 10/30/2025, 2:19:29 PM
