CVE-2025-7906 | yangzongzhuan RuoYi up to 4.8.1 CommonController.java uploadFile unrestricted upload (Issue 296)

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload.

The identification of this vulnerability is CVE-2025-7906. The attack may be initiated remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More