{"id":"CVE-2025-3199","details":"A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 is able to address this issue. The name of the patch is c0daf641fb25b244591b7a6c3affa35c69d321fe. It is recommended to upgrade the affected component.","modified":"2026-02-26T09:19:36.887296Z","published":"2025-04-04T02:15:19.013Z","references":[{"type":"ADVISORY","url":"https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccess_01.md"},{"type":"ADVISORY","url":"https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.2"},{"type":"ADVISORY","url":"https://vuldb.com/?ctiid.303152"},{"type":"ADVISORY","url":"https://vuldb.com/?id.303152"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.545830"},{"type":"REPORT","url":"https://github.com/ageerle/ruoyi-ai/issues/43"},{"type":"REPORT","url":"https://github.com/ageerle/ruoyi-ai/issues/43#issuecomment-2763091490"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.303152"},{"type":"FIX","url":"https://github.com/gwozai/ruoyi-ai/commit/c0daf641fb25b244591b7a6c3affa35c69d321fe"},{"type":"EVIDENCE","url":"https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccess_01.md"},{"type":"EVIDENCE","url":"https://github.com/ageerle/ruoyi-ai/issues/43"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ageerle/ruoyi-ai","events":[{"introduced":"0"},{"fixed":"ae141a6591e49c69bce849e760bf11a5216d2f50"}]}],"versions":["v2.0.1"],"database_specific":{"vanir_signatures":[{"target":{"file":"ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/domain/bo/ChatConfigBo.java"},"id":"CVE-2025-3199-2388f3cc","signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["227501469426212675511655621799581584358","243448764519787841111112996392828396319","149190730956301318349238670767364930597","4034692121568050045737915253622185087"],"threshold":0.9},"source":"https://github.com/ageerle/ruoyi-ai/commit/ae141a6591e49c69bce849e760bf11a5216d2f50"},{"target":{"file":"ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/domain/ChatConfig.java"},"id":"CVE-2025-3199-4553aa4d","signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["268435000005460301730991025995531718038","106976313809124002903370931784607609080","265742889106448528267895830492570719298","299838441966097583314014484001312687796"],"threshold":0.9},"source":"https://github.com/ageerle/ruoyi-ai/commit/ae141a6591e49c69bce849e760bf11a5216d2f50"},{"target":{"file":"ruoyi-common/ruoyi-common-sensitive/src/main/java/org/ruoyi/common/sensitive/core/SensitiveStrategy.java"},"id":"CVE-2025-3199-d740a810","signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["193278587735702595565437631248710675652","68905636984591273321104577818887652389","14957923346742623142441862943208677059"],"threshold":0.9},"source":"https://github.com/ageerle/ruoyi-ai/commit/ae141a6591e49c69bce849e760bf11a5216d2f50"},{"target":{"file":"ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/domain/vo/ChatConfigVo.java"},"id":"CVE-2025-3199-dea591a1","signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["330391786575452291789679188894534228690","249547858263642620759545455288359151061","147502229922282994398156517944111553193","1764791782591584219667471772007741701","161885764113936062464628081686776720308","6848185465232877110858978512235278238","222141583240313865456022222083947057586","183637207600293406724753889560838492618"],"threshold":0.9},"source":"https://github.com/ageerle/ruoyi-ai/commit/ae141a6591e49c69bce849e760bf11a5216d2f50"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3199.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/gwozai/ruoyi-ai","events":[{"introduced":"0"},{"fixed":"c0daf641fb25b244591b7a6c3affa35c69d321fe"}]}],"database_specific":{"vanir_signatures":[{"target":{"file":"ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java"},"id":"CVE-2025-3199-60ab1274","signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["2614757011968763244070920185262089823","83505120076088770285318203522517532195","259617665711183729443869175487715147902","54145875144263262383634852201867773432","212134638738602728834241520455578104018","300214892944715460576130921098176356939","54592886251072269078918414260154805442","260632238353551868615216007843870994883","190987949685032147219316981781217681854"],"threshold":0.9},"source":"https://github.com/gwozai/ruoyi-ai/commit/c0daf641fb25b244591b7a6c3affa35c69d321fe"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3199.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}