CVE-2025-7903

Summary

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
yangzongzhuanRuoYi4.8.0affected
yangzongzhuanRuoYi4.8.1affected

Weaknesses

  • CWE-1021: Improper Restriction of Rendered UI Layers

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References