CVE-2025-67342 identifies a stored Cross-Site Scripting (XSS) vulnerability in RuoYi, an enterprise-level Java-based management framework widely used for building internal management systems. The vulnerability exists in the /system/menu/edit endpoint, which allows users with menu modification permissions to edit menu entries. Although an XSS filter is implemented to sanitize inputs, it can be bypassed, enabling an attacker to inject malicious JavaScript payloads that are stored persistently. Because the menu is shared across all users, the injected script executes in the browsers of all users who access the menu, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of users. Exploitation requires the attacker to have legitimate menu modification rights and some user interaction to trigger the payload. The CVSS score of 4.6 (medium severity) reflects that the attack vector is network-based, requires low privileges, and user interaction, with limited impact on confidentiality and integrity but no impact on availability. No public exploits have been reported yet, but the vulnerability poses a risk especially in environments where multiple users share the same menu interface and where privilege separation is weak. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps by administrators.

For European organizations, the impact of CVE-2025-67342 can be significant in environments where RuoYi is deployed for internal management or customer-facing portals. Exploitation could lead to unauthorized script execution in users’ browsers, resulting in session hijacking, theft of sensitive information such as authentication tokens or personal data, and potential lateral movement within the network. Since the menu is shared, a single compromised user with menu modification rights can affect all users, amplifying the risk. This can undermine trust in internal systems, lead to data breaches, and cause compliance issues under GDPR due to unauthorized data exposure. The medium severity score reflects moderate risk, but the shared nature of the menu and the persistence of the injected payload increase the potential impact. Organizations with large user bases or critical business functions tied to RuoYi systems may face operational disruptions or reputational damage if exploited.

1. Immediately audit and restrict menu modification permissions to only trusted and essential personnel to reduce the attack surface. 2. Implement additional input validation and sanitization mechanisms beyond the existing XSS filter, such as context-aware encoding and use of security libraries that enforce strict input constraints. 3. Monitor logs and user activities related to menu edits for suspicious or anomalous behavior indicative of exploitation attempts. 4. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 5. Isolate critical user roles and consider multi-factor authentication (MFA) for users with elevated privileges. 6. Stay updated with vendor advisories for patches or updates addressing this vulnerability and apply them promptly once available. 7. Conduct regular security training to raise awareness among users with modification rights about the risks of XSS and safe coding practices. 8. Consider implementing web application firewalls (WAF) with rules tailored to detect and block XSS payloads targeting the /system/menu/edit endpoint.