What is CVE-2025-7903?

CVE-2025-7903 is a medium-severity vulnerability in Ruoyi, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 4.3/10. Published 2025-07-20.

How severe is CVE-2025-7903?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2025-7903 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ruoyi

CVE-2025-7903

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of ren…

EPSS: 0.002 (35.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Ruoyi
Yangzongzhuan Ruoyi — versions 4.8.0, 4.8.1

Weakness classification (CWE)

CWE-1021 — Improper Restriction of Rendered UI Layers or Frames (Clickjacking)

Public proof-of-concept exploits

References

VDB-317017 | yangzongzhuan RuoYi Image Source ui layer (Third Party Advisory, VDB Entry, vdb-entry)
VDB-317017 | CTI Indicators (IOB, IOC) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #618357 | RuoYi https://github.com/yangzongzhuan/RuoYi <=v4.8.1 Frame Injection (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (issue-tracking, Exploit, exploit, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2025-7903?: CVE-2025-7903 is a medium-severity vulnerability in Ruoyi, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 4.3/10. Published 2025-07-20.
How severe is CVE-2025-7903?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2025-7903 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.