How severe is CVE-2025-28403?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2025-28403?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-28403

HIGH Year: 2025

CVSS v3 Score

7.2

High

Weakness Type

CWE-284

View all →

Vulnerability Description

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings

CVE-2015-3653

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequent...

CWE-2842015

CVE-2015-3654

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than C...

CWE-2842015

CVE-2015-3657

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.

CWE-2842015

CVE-2015-4649

HIGH

CVSS:7.2(High)

CWE-2842015

CVE-2016-10084

HIGH

CVSS:7.2(High)

admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).

CWE-2842016

CVE-2016-10085

HIGH

CVSS:7.2(High)

admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.

CWE-2842016

CVE-2025-28403

Vulnerability Description

Related Vulnerabilities

CVE-2015-3653

CVE-2015-3654

CVE-2015-3657

CVE-2015-4649

CVE-2016-10084

CVE-2016-10085