CVE-2025-7903
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered UI layers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Meta Information
Published: 2025-07-20
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2025-07-20
EPSS Evaluated: 2026-05-25
External records: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: ruoyi
Product: ruoyi
Version / Range: up to 4.8.1 (inclusive)
CWE
CWE-1021: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7903 is a frame injection vulnerability in yangzongzhuan RuoYi up to version 4.8.1. It arises from a user-controlled 'img' element's 'src' attribute that allows loading untrusted frames without proper validation. This improper restriction of rendered UI layers enables attackers to inject malicious frames, leading to unauthorized internal service probing, information gathering, and manipulation of content within trusted user interface contexts. The vulnerability can be exploited remotely and is considered easy to exploit. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to remotely inject malicious frames into the application's UI, which can lead to unauthorized probing of internal services, leakage of sensitive information, and manipulation of content within trusted contexts. This can cause user interface confusion, misleading users about which interface they are interacting with, potentially compromising the integrity of the application and exposing internal resources to attackers. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for the injection or presence of untrusted or malicious image source URLs in the RuoYi application's image upload or insertion functionality, specifically in the summernote.js editor component. Detection may involve inspecting HTTP requests or application logs for suspicious 'img src' attributes that load external or unexpected frames. Since the vulnerability involves user-controlled 'img src' attributes allowing frame injection, commands to search for suspicious image URLs in web server logs or application logs could help. For example, using grep to find image insertion requests or suspicious URLs: `grep -i 'img src' /path/to/logs/access.log` or monitoring network traffic for unusual frame loads targeting the RuoYi application. However, no specific detection commands are provided in the resources. [1, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing or updating the affected RuoYi component to a version that fixes the vulnerability or using an alternative product, as no known countermeasures or patches are currently available. Additionally, restricting or sanitizing user input for image URLs in the summernote.js editor to prevent loading untrusted frames can help mitigate the risk. Applying network-level protections such as web application firewalls (WAF) to block suspicious frame injection attempts and monitoring for exploitation attempts are also advisable. Since the vulnerability allows remote exploitation without authentication, limiting exposure of the affected service and disabling or restricting the image insertion feature temporarily may reduce risk. [2, 3]
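As an added illustration of the input-restriction step above (this is not code from RuoYi or from this advisory), the following server-side filter for editor-submitted HTML keeps an `<img>` only when its `src` is an http(s) URL on a host you control and drops frame-rendering elements outright; the host `cdn.example.com`, the name `intranet.example` and the sample fragment are constructed for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_IMG_HOSTS = {"cdn.example.com"}              # assumption: the app's own image host(s)
FRAME_TAGS = {"iframe", "frame", "object", "embed"}  # elements that render a foreign UI layer

def img_src_allowed(src):
    # Allowlist check; urlparse() sees through 'javascript:', '//host' and 'https://good@evil/' forms
    u = urlparse(src.strip())
    return u.scheme in ("http", "https") and u.hostname in ALLOWED_IMG_HOSTS

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__()
        self.out, self.dropped, self._skip = [], [], 0  # _skip: depth inside a dropped frame

    def handle_starttag(self, tag, attrs):
        if tag in FRAME_TAGS:                            # drop the element and everything inside it
            self.dropped.append((tag, dict(attrs)))
            self._skip += 1
        elif self._skip:
            return
        elif tag == "img" and not img_src_allowed(dict(attrs).get("src") or ""):
            self.dropped.append((tag, dict(attrs)))      # reject the image, keep a record to log
        else:
            a = "".join(f' {k}="{html.escape(v or "", quote=True)}"' for k, v in attrs)
            self.out.append(f"<{tag}{a}>")
    handle_startendtag = handle_starttag                 # <img ... /> gets the same policy

    def handle_endtag(self, tag):
        if tag in FRAME_TAGS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag != "img":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=False))

def sanitize(fragment):
    s = _Sanitizer()                  # returns (clean_html, dropped) for an editor-submitted fragment
    s.feed(fragment); s.close()
    return "".join(s.out), s.dropped

SUBMITTED = (  # constructed sample: a legitimate image, a userinfo bypass and an injected frame
    '<p>Hello <img src="https://cdn.example.com/a.png" alt="ok"> '
    '<img src="https://cdn.example.com@evil.example/x.png"> '
    '<iframe src="http://intranet.example/"></iframe></p>')
CLEAN, DROPPED = sanitize(SUBMITTED)   # CLEAN keeps only the allowlisted <img>; DROPPED lists the rest
```

Logging the `dropped` list at the insertion endpoint gives the same signal the detection answer above describes, without grepping raw access logs.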

