Zhijiantianya Ruoyi-Vue-Pro Critical Template Injection Vulnerability

Vulnerability

A critical vulnerability allowing improper neutralization of special elements in a template engine has been identified in Zhijiantianya Ruoyi-Vue-Pro version 2.4.1. This issue resides in an unknown functionality of the file '/admin-api/bpm/model/deploy', and can be exploited remotely.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the server, as the improper neutralization of template elements could be used to inject and execute malicious code.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zhijiantianya Ruoyi-Vue-Pro Critical Template Injection Vulnerability

Vulnerability

Impact

Affected Products

zhijiantianya ruoyi-vue-pro

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating