CVE Details
Basic Information
| Title | yangzongzhuan RuoYi Druid application-druid.yml default credentials |
|---|---|
| Type | cve |
| Published | 2025-07-20T20:32:05.417Z |
| Modified | 2025-07-20T20:32:05.417Z |
Product Information
| Vendor | yangzongzhuan |
|---|---|
| Product | RuoYi |
| Version | 4.8.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A vulnerability in RuoYi’s Druid configuration allows attackers to use default credentials, enabling remote access. This issue affects versions 4.8.0 and 4.8.1 and has a publicly disclosed exploit. |
|---|---|
| AI Severity | Medium |
| AI Vendor | yangzongzhuan |
| AI Product | RuoYi |
| AI Version | 4.8.0, 4.8.1 |
Affected Products
- yangzongzhuan RuoYi 4.8.0
- yangzongzhuan RuoYi 4.8.1
Additional Information
| CWE List | CWE-1392 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.