CVE-2025-7906
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruoyi | ruoyi | to 4.8.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7906 is a critical vulnerability in the RuoYi project (up to version 4.8.1) that allows attackers to upload files without proper validation or sanitization. Specifically, the file upload endpoints (/common/upload and /common/uploads) accept files with extensions like .html, .htm, and .pdf without checking their content. This enables attackers to upload malicious files containing scripts, leading to Stored Cross-Site Scripting (Stored XSS) attacks. When other users access these uploaded files, the malicious scripts execute in their browsers, potentially compromising their security. [1, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript in the browsers of users who access the uploaded malicious files. This can lead to phishing attacks, theft of credentials, session hijacking, and other malicious activities that compromise the confidentiality, integrity, and availability of your system and user data. Since the attack can be performed remotely without authentication, it poses a significant security risk. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring or testing the vulnerable endpoints `/common/upload` and `/common/uploads` for unrestricted file upload behavior. You can attempt to upload files with extensions such as `.html`, `.htm`, or `.pdf` containing malicious scripts to see if the server accepts and stores them without sanitization. For detection on the network, you can use tools like curl or wget to test the upload endpoints, for example: curl -X POST -F "[email protected]" http://target/common/upload Additionally, monitoring HTTP traffic for POST requests to these endpoints with suspicious file uploads can help detect exploitation attempts. Checking server responses for successful upload messages and verifying if uploaded files are accessible and executable can confirm the vulnerability. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the vulnerable upload endpoints `/common/upload` and `/common/uploads` to prevent unauthorized file uploads. Implement strict validation and sanitization of uploaded files, restricting allowed file types to safe extensions and scanning uploaded content for malicious scripts. If possible, replace or update the affected component to a version that addresses this vulnerability. Since no known mitigations are documented, consider applying web application firewalls (WAF) rules to block malicious upload attempts and monitor for suspicious activity. Removing or limiting the ability to upload `.html`, `.htm`, and `.pdf` files without validation is critical to prevent exploitation. [2, 3]