SecuriTricks - CVE-2025-7907

Description

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Product(s) Impacted

Vendor	Product	Versions
Yangzongzhuan	Ruoyi	<4.8.1
Druid	Druid	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1392

Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	yangzongzhuan	ruoyi	<4.8.1	/	/	/	/	/	/	/
a	druid	druid	/	/	/	/	/	/	/	/

References

https://github.com/yangzongzhuan/RuoYi/issues/297

https://vuldb.com/?ctiid.317022

https://vuldb.com/?id.317022

https://vuldb.com/?submit.618362

https://github.com/yangzongzhuan/RuoYi/issues/297

CVSS Score

5.3 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: LOW
User Interaction: NONE
Scope:
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Exploit Maturity: PROOF_OF_CONCEPT

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: July 20, 2025, 9:15 p.m.
Last Modified: July 21, 2025, 1:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVE-2025-7907