Vulnerability Description
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruoyi | Ruoyi | <= 4.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/yangzongzhuan/RuoYi/issues/297Exploit
- https://vuldb.com/?ctiid.317022Permissions RequiredVDB Entry
- https://vuldb.com/?id.317022Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.618362Third Party AdvisoryVDB Entry
- https://github.com/yangzongzhuan/RuoYi/issues/297Exploit
FAQ
What is CVE-2025-7907?
CVE-2025-7907 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of...
How severe is CVE-2025-7907?
CVE-2025-7907 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-7907?
Check the references section above for vendor advisories and patch information. Affected products include: Ruoyi Ruoyi.