CVE-2025-7907

MEDIUM

yangzongzhuan RuoYi <4.8.1 - Use After Free

Title source: llm

Description

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (4)

Scores

CVSS v3 4.3
EPSS 0.0003
EPSS Percentile 8.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-1392
Status published

Affected Products (1)

ruoyi/ruoyi < 4.8.1

Timeline

Published Jul 20, 2025
Tracked Since Feb 18, 2026