yangzongzhuan RuoYi Druid application-druid.yml default credentials_CVE-2025-7907

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-7907

Source VulDB

Published Jul 20, 2025 at 20:32

Modified Jul 21, 2025 at 12:43

Affected Product

Vendor yangzongzhuan

Product RuoYi

Version 4.8.0

Affected Versions yangzongzhuan RuoYi 4.8.0
yangzongzhuan RuoYi 4.8.1

CWE Classification

CWE-1392

References

{
    "lastseen": "",
    "description": "A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-07-20T20:32:05.417Z",
    "modified": "2025-07-21T12:43:57.841Z",
    "type": "cve",
    "title": "yangzongzhuan RuoYi Druid application-druid.yml default credentials",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317022\nhttps://vuldb.com/?ctiid.317022\nhttps://vuldb.com/?submit.618362\nhttps://github.com/yangzongzhuan/RuoYi/issues/297",
    "id": "CVE-2025-7907",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1392"
    ],
    "cvelist": null,
    "sourceData": "yangzongzhuan RuoYi 4.8.0\nyangzongzhuan RuoYi 4.8.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RuoYi",
    "version": "4.8.0",
    "vendor": "yangzongzhuan",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}