CVE-2025-10473
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruoyi | ruoyi | up to and including 4.8.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10473 is a SQL injection vulnerability in yangzongzhuan RuoYi up to version 4.8.1. It exists in the filterKeyword function of the SqlUtil.java file, part of the Blacklist Handler component. The vulnerability occurs because the application constructs SQL queries using input that is not properly sanitized, allowing attackers to inject malicious SQL commands. Specifically, the blacklist filtering can be bypassed using URL-encoded tab characters, enabling remote attackers to manipulate SQL queries and potentially compromise the system. [1, 2]
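The following is an added example, not code from RuoYi or from the advisory. It models a space-suffixed SQL keyword blacklist (an assumption about the filter's shape, chosen because it explains why a URL-encoded tab gets past it while a space does not), and puts an allowlist check for an ORDER BY fragment next to it. The keyword list, the regular expression and the sample inputs are all constructed here.

```python
"""Added example (not RuoYi's code): a space-suffixed SQL keyword blacklist of the
kind that a URL-encoded tab (%09) slips past, next to an allowlist check that does
not care how the whitespace is encoded."""
import re
from urllib.parse import unquote

# Assumed blacklist shape: keywords carry a trailing space so that a column name
# such as "order_no" is not rejected for containing "or". The real project's
# list is not reproduced here.
BLACKLIST_KEYWORDS = ("select ", "union ", "insert ", "update ", "delete ",
                      "drop ", "or ", "and ")

# Allowlist for an ORDER BY fragment: identifier, optional " asc"/" desc",
# comma-separated. Anything else (tabs, parentheses, comments) is rejected.
ORDER_BY_ALLOWLIST = re.compile(
    r"[A-Za-z_][A-Za-z0-9_]*( (?:asc|desc))?"
    r"(, ?[A-Za-z_][A-Za-z0-9_]*( (?:asc|desc))?)*",
    re.IGNORECASE,
)


def blacklist_filter(value: str) -> bool:
    """Return True when the naive blacklist rejects value.

    Case-insensitive substring match on already URL-decoded input, which is
    what a servlet container hands the application: "union\\t" is not "union ".
    """
    lowered = value.lower()
    return any(keyword in lowered for keyword in BLACKLIST_KEYWORDS)


def allowlist_filter(value: str) -> bool:
    """Return True when value matches the ORDER BY allowlist exactly."""
    return ORDER_BY_ALLOWLIST.fullmatch(value) is not None


def evaluate(raw_query_value: str) -> dict:
    """Decode one query-string value as the container would and run both checks."""
    decoded = unquote(raw_query_value)
    return {
        "decoded": decoded,
        "blacklist_blocked": blacklist_filter(decoded),
        "allowlist_accepted": allowlist_filter(decoded),
    }


if __name__ == "__main__":
    # Constructed inputs: a benign sort value, a space-separated injection the
    # blacklist catches, and the same injection with tabs (%09) instead of spaces.
    for raw in ("create_time%20desc",
                "id)%20union%20select%201--",
                "id)%09union%09select%091--"):
        print(repr(raw), evaluate(raw))
```

Running it shows the space-separated payload blocked by the blacklist and the tab-separated payload passing it untouched, while the allowlist rejects both and accepts only the plain sort expression. That is the general lesson here: a blacklist keyed on one whitespace encoding is defeated by any other, so sort and order parameters are better validated against the set of names the application actually expects.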
How can this vulnerability impact me?
This vulnerability can allow remote attackers to perform SQL injection attacks, which may lead to unauthorized access, data leakage, data modification, or disruption of the affected system's availability. The attacker can manipulate SQL queries to compromise the confidentiality, integrity, and availability of the system using this flaw. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for SQL injection attempts against the filterKeyword function in the SqlUtil.java file of yangzongzhuan RuoYi up to version 4.8.1. Since the exploit involves bypassing blacklist filtering using URL-encoded tab characters (%09), look for HTTP requests in which SQL keywords are joined by encoded whitespace rather than plain spaces. Network monitoring tools or a web application firewall can search for payloads containing '%09' adjacent to SQL keywords such as 'SELECT', 'UNION', or 'OR'. A grep over web server logs should anchor on that adjacency: a bare alternative such as 'or' or 'select' would match almost every line ('orderBy', 'format', and so on), so a pattern like `grep -iE '(select|union|insert|update|delete|or|and)%09|%09(select|union|insert|update|delete|or|and)' /var/log/nginx/access.log` is more useful. Note that the literal '%09' is only visible in logs written before URL decoding, such as the reverse proxy or web server access log; application-level logs see the decoded tab character. Tools like sqlmap run against the target URL can confirm the presence of SQL injection, on systems you are authorised to test. However, no specific detection commands are provided in the resources. [1, 2]
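The detection idea above, worked through as an added example that is not part of the advisory or the project: it parses common-log-format access log lines, URL-decodes the request path the way the application would, and flags SQL keywords followed by a control-whitespace character (the tab-bypass signature) separately from plainer keyword sequences such as `union ... select`. The log lines, the `/example/list` path and the `orderBy` parameter name are constructed for the example and are not the real endpoint.

```python
"""Added example (not from the advisory or the project): scan web-server access
log lines for SQL keywords joined by URL-encoded control whitespace, the pattern
used to get past a space-sensitive keyword blacklist."""
import re
from urllib.parse import unquote

# Common-log-format line: client ip, identity, user, [timestamp], "METHOD path HTTP/x.y", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# A SQL keyword followed by whitespace other than a plain space (tab, newline,
# carriage return, vertical tab, form feed) in the decoded path. The leading \b
# keeps "orderBy" or "format" from matching on "or"/"and" alone.
BYPASS_RE = re.compile(
    r"\b(select|union|insert|update|delete|drop|or|and)[\t\n\r\x0b\x0c]",
    re.IGNORECASE,
)

# Keyword sequences that indicate an injection attempt whatever the whitespace.
KEYWORD_SEQ_RE = re.compile(r"\b(union\s+(all\s+)?select|or\s+\d+\s*=\s*\d+)\b",
                            re.IGNORECASE)


def scan_line(line: str):
    """Return (client_ip, decoded_path, reasons) for a suspicious line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, _method, path, _status = m.groups()
    decoded = unquote(path)  # what the application sees after the container decodes %09
    reasons = []
    if BYPASS_RE.search(decoded):
        reasons.append("sql keyword followed by encoded control whitespace")
    if KEYWORD_SEQ_RE.search(decoded):
        reasons.append("sql keyword sequence")
    return (ip, decoded, reasons) if reasons else None


def scan(lines):
    """Run scan_line over an iterable of log lines and keep the hits."""
    return [hit for hit in (scan_line(line) for line in lines) if hit]


# Constructed sample log lines (not real traffic); path and parameter are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Sep/2025:10:00:01 +0000] "GET /example/list?orderBy=create_time%20desc HTTP/1.1" 200 512',
    '10.0.0.9 - - [15/Sep/2025:10:00:07 +0000] "GET /example/list?orderBy=id)%09union%09select%091-- HTTP/1.1" 200 9120',
    '10.0.0.9 - - [15/Sep/2025:10:00:09 +0000] "GET /example/list?orderBy=id)%20union%20select%201-- HTTP/1.1" 500 211',
    '10.0.0.7 - - [15/Sep/2025:10:00:12 +0000] "GET /example/export?format=csv&author=or HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for ip, decoded, reasons in scan(SAMPLE_LOG):
        print(ip, repr(decoded), "; ".join(reasons))
```

Only the two requests from 10.0.0.9 are reported: the tab-separated payload triggers both signals, the space-separated one only the keyword-sequence signal, and the benign lines with 'orderBy', 'format' and a literal 'or' value are left alone. The scan works on the raw request line, so it belongs on the reverse proxy or web server log; if a client sent a literal tab instead of '%09', nginx would log it as the escape sequence '\x09', which the regex above does not decode.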
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing or upgrading the affected yangzongzhuan RuoYi component or product, as no patches or fixes have been documented. Since the vulnerability arises from improper input sanitization in the filterKeyword function, apply strict input validation before user input reaches SQL query construction; for sort and order parameters that means an allowlist of expected column names rather than a keyword blacklist, because a blacklist keyed on one whitespace encoding is bypassed by another (here, the tab). Additionally, consider a web application firewall (WAF) to block SQL injection attempts, especially those using URL-encoded whitespace characters like '%09'. Monitoring and restricting remote access to the vulnerable component can also reduce risk. Ultimately, removing or updating the vulnerable code is advised. [1]