Cross-Site Scripting in Swagger UI of RuoYi by yangzongzhuan
CVE-2025-7901

5.3MEDIUM

Key Information:

Vendor

Yangzongzhuan

Status
Ruoyi
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7901?

A vulnerability has been identified in the Swagger UI component of RuoYi by yangzongzhuan, specifically affecting the handling of the configUrl argument in the /swagger-ui/index.html file. This flaw can lead to cross-site scripting (XSS) attacks that may be executed remotely, potentially compromising user data and allowing attackers to inject malicious scripts into web pages viewed by users.

Affected Version(s)

RuoYi 4.8.0

RuoYi 4.8.1

References

https://vuldb.com/?id.317015
vdb-entrytechnical-description
https://vuldb.com/?ctiid.317015
signaturepermissions-required
https://vuldb.com/?submit.618353
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI (VulDB User)
.
CVE-2025-7901 : Cross-Site Scripting in Swagger UI of RuoYi by yangzongzhuan