Cross-Site Scripting in Swagger UI of RuoYi by yangzongzhuan
CVE-2025-7901

5.3MEDIUM

Key Information:

Vendor

Yangzongzhuan

Status
Ruoyi
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7901?

A vulnerability has been identified in the Swagger UI component of RuoYi by yangzongzhuan, specifically affecting the handling of the configUrl argument in the /swagger-ui/index.html file. This flaw can lead to cross-site scripting (XSS) attacks that may be executed remotely, potentially compromising user data and allowing attackers to inject malicious scripts into web pages viewed by users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RuoYi 4.8.0

RuoYi 4.8.1

References

https://vuldb.com/?id.317015
vdb-entrytechnical-description
https://vuldb.com/?ctiid.317015
signaturepermissions-required
https://vuldb.com/?submit.618353
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI (VulDB User)
JSON
.