CVE-2025-7901 MEDIUM

CVE-2025-7901: yangzongzhuan RuoYi Swagger UI index.html cross site scripting

Vendor Yangzongzhuan

Product RuoYi

Weakness CWE-79 · XSS

Published July 20, 2025

Last update July 21, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be initiated remotely.

Key dates

02Disclosure timeline

July 20, 2025 CVE published

July 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7901

Related vulnerabilities

04Related CVE

CVE-2024-13460 WE – Testimonial Slider <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-64200 WordPress Email Template Customizer for WooCommerce plugin <= 1.2.17 - Cross Site Scripting (XSS) vulnerability CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI CVE-2025-5724 SourceCodester Student Result Management System Subjects Page subjects cross site scripting CVE-2022-1255 Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting

Identifiers

CVE CVE-2025-7901

CWE CWE-79

CVSS 5.3 / MEDIUM

Affected versions

Vendor Yangzongzhuan

Product RuoYi

Affected 4.8.0

Vendor Yangzongzhuan

Product RuoYi

Affected 4.8.1