How severe is CVE-2025-7902?

CVE-2025-7902 has a CVSS v3 score of 3.5 (LOW).

CVE-2025-7902

Name: ruoyi
Author: ruoyi

3.5LOW

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The

Publicado: 7/20/2025Actualizado: 8/8/2025

Descripción

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Análisis IAImpulsado por IA

Productos Afectados

ruoyiruoyi

Referencias

https://github.com/yangzongzhuan/RuoYi/issues/294
Exploit
https://github.com/yangzongzhuan/RuoYi/issues/294#issue-3211205807
Exploit
https://vuldb.com/?ctiid.317016
Permissions RequiredVDB Entry
https://vuldb.com/?id.317016
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.618354
Third Party AdvisoryVDB Entry
https://github.com/yangzongzhuan/RuoYi/issues/294
Exploit