CVE-2025-7906 | yangzongzhuan RuoYi up to 4.8.1 CommonController.java uploadFile unrestricted upload (Issue 296)

Inserito da Angelo Barbosa | Lug 19, 2025 | CVE

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload.

The identification of this vulnerability is CVE-2025-7906. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-7906 | yangzongzhuan RuoYi up to 4.8.1 CommonController.java uploadFile unrestricted upload (Issue 296)

Post correlati

CVE-2025-28243 | Alteryx Server 2023.1.1.460 cross site scripting

CVE-2024-33109 | Tiptel IP 286 2.61.13.10 Web Interface path traversal

CVE-2024-45618 | libopensc pkcs15init uninitialized pointer

CVE-2025-49219 | Trend Micro Apex Central GetReportDetailView deserialization