CVE-2025-7903
Published: 20 July 2025
Summary
CVE-2025-7903 is a low-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Ruoyi Ruoyi. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22029
Vulnerability details
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can…
more
be launched remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in the Image Source Handler enables remote exploitation of a public-facing web application (T1190). It also facilitates internal service probing and information gathering via user-controlled img src loading untrusted frames (T1046).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.