CVE-2025-7907

CVSS v3.1

4.3

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1

Description A problematic issue exists in yangzongzhuan RuoYi. The issue involves the use of default credentials within an unknown function of the

ruoyi-admin/src/main/resources/application-druid.yml

file of the Druid component. This can be exploited remotely. The exploit has been publicly disclosed.

Recommendations Versions prior to 4.8.1 should be used. Consider restricting access to the

application-druid.yml

file to mitigate the risk.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1392

Related Identifiers

CVE-2025-7907

Affected Products

Druid

Ruoyi

CVE-2025-7907

Weakness Enumeration

Related Identifiers

Affected Products

References · 11