CVE-2025-7906 – “Yangzongzhuan RuoYi Unrestricted File Upload Vulnerability”

July 20, 2025

CVE ID : CVE-2025-7906

Published : July 20, 2025, 8:15 p.m. | 3 hours, 2 minutes ago

Description : A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7907 – Yangzongzhuan RuoYi Default Credential Vulnerability (Druid)

Next Article CVE-2025-49087 – Mbed TLS Block Cipher Padding Timing Attack

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-7906 – “Yangzongzhuan RuoYi Unrestricted File Upload Vulnerability”

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Handling Indentation in VS Code

Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence

Slack’s Business+ Plan Jumps to $15/Month With New AI Perks Included

Fraud detection empowered by federated learning with the Flower framework on Amazon SageMaker AI

CVE-2025-6185 – Leviton AcquiSuite and Energy Monitoring Hub Cross-Site Scripting (XSS)

IBM THINK: IBM introduces new tools to help with scaling AI agents across the enterprise

Indiana Jones and the Great Circle gets new skill books and better ray tracing on Xbox and PC

Android Show: Google to Unveil OS Future Before I/O 2025

CVE-2025-7906 – “Yangzongzhuan RuoYi Unrestricted File Upload Vulnerability”

Related Posts