How severe is CVE-2025-7902?

CVE-2025-7902 has a CVSS v3 score of 3.5 (LOW).

CVE-2025-7902

Name: ruoyi
Author: ruoyi

3.5LOW

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The

Published: 7/20/2025Updated: 8/8/2025

Description

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AI AnalysisPowered by AI

Affected Products

ruoyiruoyi

References

https://github.com/yangzongzhuan/RuoYi/issues/294
Exploit
https://github.com/yangzongzhuan/RuoYi/issues/294#issue-3211205807
Exploit
https://vuldb.com/?ctiid.317016
Permissions RequiredVDB Entry
https://vuldb.com/?id.317016
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.618354
Third Party AdvisoryVDB Entry
https://github.com/yangzongzhuan/RuoYi/issues/294
Exploit