RuoYi
CVE-2025-7907
Severity: LOW (primary rating from NVD, the only rating source for this CVE)
CVSS 4.0 vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (source: CVE.org)
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI-generated)
RuoYi up to version 4.8.1 ships hardcoded default credentials in the Druid database configuration file (application-druid.yml), giving an authenticated remote attacker a low-impact information disclosure. Exploitation requires prior authentication (PR:L in the CVSS 4.0 vector), and a public proof of concept exists; the EPSS score (0.05%) and the limited CVSS impact (VC:L only) nonetheless suggest a low real-world exploitation risk.
Technical Context (AI-generated)
RuoYi is a Java-based rapid development platform that uses Apache Druid for database connection pooling and monitoring. The vulnerability lies in the application-druid.yml configuration file of the ruoyi-admin component. CWE-1392 (Use of Default Credentials) indicates that sensitive database credentials are hardcoded or left at their factory defaults in that file, exposing them to any authenticated user who can reach the application or its configuration files. The Druid component also exposes a web monitoring interface that may leak further sensitive information when accessed with these default credentials.
Remediation (AI-generated)
Update RuoYi to a patched version released after the public disclosure (the fixed version is not confirmed from the available data; check the releases of the yangzongzhuan/RuoYi repository). Immediate compensating controls:
(1) Change all default Druid database credentials in application-druid.yml to strong, unique values before deployment.
(2) Restrict access to the Druid web monitoring interface (typically /druid/index.html on port 8080) to authorized administrators, via firewall rules or reverse-proxy authentication.
(3) Keep application-druid.yml out of version control (add it to .gitignore) and deploy it through secure configuration management (environment variables or a secrets vault rather than hardcoded files).
(4) Audit production logs for unauthorized access to Druid endpoints using default or weak credentials.
See https://github.com/yangzongzhuan/RuoYi/issues/297 for the detailed remediation discussion.
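Supporting steps (1) to (3), an added example that is not part of this record or of RuoYi's own code: a small Python audit that scans a RuoYi-style application-druid.yml for credential keys holding a literal value instead of a ${ENV_VAR} placeholder, and for an empty statViewServlet allow list. Assumptions: the key names follow the druid-spring-boot-starter layout that RuoYi's file uses, and both YAML samples are constructed with placeholder values, not the project's real defaults.

```python
"""Line-based audit of a RuoYi-style application-druid.yml (no PyYAML needed):
flags credential keys holding a literal instead of a ${ENV_VAR} placeholder,
and an empty statViewServlet 'allow' list (monitor reachable from any IP)."""
import re

CREDENTIAL_KEYS = {"username", "password", "login-username", "login-password"}
PLACEHOLDER = re.compile(r"^\$\{[A-Za-z_][\w.]*(:[^}]*)?\}$")  # ${VAR} or ${VAR:default}
KEY_VALUE = re.compile(r"^\s*([A-Za-z][\w-]*)\s*:\s*(.*)$")

def audit_druid_config(yaml_text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, key, value) for every weak setting found."""
    findings = []
    for n, raw in enumerate(yaml_text.splitlines(), start=1):
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comment
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip("'\"")
        if key in CREDENTIAL_KEYS and not PLACEHOLDER.match(value):
            findings.append((n, key, value))            # literal or empty secret
        elif key == "allow" and value == "":
            findings.append((n, key, value))            # no IP whitelist on /druid/*
    return findings

# Constructed sample (placeholder values, not RuoYi's real defaults): secrets in the file, monitor open.
WEAK_CONFIG = """\
spring:
    datasource:
        druid:
            master:
                password: CHANGE_ME
            statViewServlet:
                allow:
                login-username: CHANGE_ME
                login-password: CHANGE_ME
"""

# Hardened form: secrets injected from the environment, monitor limited to an admin network.
HARDENED_CONFIG = """\
spring:
    datasource:
        druid:
            master:
                password: ${DB_PASSWORD}
            statViewServlet:
                allow: 10.0.0.0/8
                login-username: ${DRUID_MONITOR_USER}
                login-password: ${DRUID_MONITOR_PASSWORD}
"""
```

Running audit_druid_config over the real file after deployment gives a quick check that step (3) was carried out and that the monitor whitelist from step (2) is in place.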