What is the CVSS score of CVE-2025-66916?

CVE-2025-66916 has a CVSS 3.1 base score of 9.4 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.1%.

Which versions of Ruoyi Vue Plus are affected by CVE-2025-66916?

Organizations using RuoYi-Vue-Plus face critical risk from CVE-2025-66916, a code injection vulnerability rated CVSS 9.4.

Is there a public PoC exploit available for CVE-2025-66916?

Yes, a public proof-of-concept exploit is available for CVE-2025-66916. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-66916?

Within 24 hours: Identify all affected systems running RuoYi-Vue-Plus and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Ruoyi Vue Plus CVE-2025-66916

CRITICAL

Code Injection (CWE-94)

2026-01-08 cve@mitre.org

RCE Code Injection Ruoyi Vue Plus

9.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.4 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 30, 2026 - 01:05 vuln.today

Public exploit code

CVE Published

Jan 08, 2026 - 20:15 nvd

CRITICAL 9.4

DescriptionCVE.org

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.

AnalysisAI

RuoYi-Vue-Plus (through 5.5.1) allows arbitrary file read/write through QLExpress expression evaluation in the snailjob workflow node checker. Attackers can use the File class to access any file on the server. PoC available.

Technical ContextAI

The /snail-job/workflow/check-node-expression endpoint evaluates QLExpress expressions without filtering dangerous classes (CWE-94). Attackers can use java.io.File and related classes to read sensitive files (application.yml, database credentials) or write malicious files.

RemediationAI

Update RuoYi-Vue-Plus. Implement expression sandboxing that blocks File, Runtime, Process, and other dangerous classes.

CVE-2025-66916 vulnerability details – vuln.today

Back