CVE-2025-4537

yangzongzhuan RuoYi-Vue Password login.vue sensitive information in a cookie

Description

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

INFO

Published Date :

2025-05-11T09:31:05.162Z

Last Modified :

2025-05-12T14:17:03.949Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-4537 vulnerability.

Vendors	Products
Ruoyi	Ruoyi-vue

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4537.

URL	Resource
https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4
https://vuldb.com/?ctiid.308282
https://vuldb.com/?id.308282
https://vuldb.com/?submit.566469

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact