CVE-2025-10473 MEDIUM

CVE-2025-10473: yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection

Vendor Yangzongzhuan

Product RuoYi

Weakness CWE-89 · SQLi

Published September 15, 2025

Last update September 16, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

Key dates

Disclosure timeline

September 15, 2025 CVE published

September 16, 2025 Record updated

Identifiers

CVE CVE-2025-10473

CWE CWE-89

CVSS 5.3 / MEDIUM

Affected versions

Vendor Yangzongzhuan

Product RuoYi

Affected 4.8.0

Vendor Yangzongzhuan

Product RuoYi

Affected 4.8.1