A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"cwe_ids": [
"CWE-284",
"CWE-434"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/7xxx/CVE-2025-7906.json",
"cna_assigner": "VulDB"
}{
"cpe": "cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "4.8.0"
},
{
"last_affected": "4.8.0"
},
{
"introduced": "4.8.1"
},
{
"last_affected": "4.8.1"
},
{
"introduced": "0"
}
],
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
]
}