How severe is CVE-2025-4537?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2025-4537?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2025-4537 - LOW Severity | CVSS 3.1

Vulnerability Description

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2020-9407

LOW

CVSS:3.1(Low)

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.

CWE-3122020

CVE-2023-24586

LOW

CVSS:3.1(Low)

Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product.

CWE-3122023

CVE-2010-3282

LOW

CVSS:3.3(Low)

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw)...

CWE-3122010

CVE-2019-10433

LOW

CVSS:3.3(Low)

Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file s...

CWE-3122019

CVE-2019-10450

LOW

CVSS:3.3(Low)

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-3122019

CVE-2020-6980

LOW

CVSS:3.3(Low)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Tra...

CWE-3122020