CVE-2025-7902: Cross Site Scripting in yangzongzhuan RuoYi
A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-7902 is a cross-site scripting (XSS) vulnerability identified in the yangzongzhuan RuoYi framework, specifically affecting versions 4.8.0 and 4.8.1. The vulnerability resides in the addSave function within SysNoticeController.java (com/ruoyi/web/controller/system/SysNoticeController.java). This function fails to properly sanitize or encode user-supplied input, allowing an attacker to inject malicious scripts that execute in the context of a victim's browser. The vulnerability is remotely exploitable without authentication, requiring only user interaction to trigger the malicious payload. The disclosed CVSS 4.0 score is 5.1, categorizing it as medium severity. The vector is network-based (AV:N) with low attack complexity (AC:L) and requires user interaction (UI:P); it lists PR:L (low privileges required), which conflicts with the description of the flaw as exploitable without authentication. The impact primarily affects confidentiality and integrity to a limited extent, with no direct impact on availability. Although no known exploits are currently active in the wild, the public disclosure of the exploit code increases the risk of exploitation. The vulnerability could be leveraged to steal session cookies, perform actions on behalf of users, or deliver further malware, especially in environments where RuoYi is used for administrative or internal web applications. The lack of an official patch link suggests that remediation may require manual code review and input validation enhancements.
Potential Impact
For European organizations using the RuoYi framework, particularly in sectors relying on internal web portals or administrative dashboards, this XSS vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed under the guise of legitimate users. The exploitation could lead to data leakage or manipulation, undermining trust and compliance with data protection regulations such as GDPR. Since RuoYi is a popular Java-based rapid development platform, organizations that have integrated it into their enterprise applications may face targeted attacks aiming to exploit this vulnerability. The medium severity rating indicates moderate risk, but the ease of remote exploitation and public availability of exploit code heighten the urgency for mitigation. The impact is more pronounced in environments where users have elevated privileges or where sensitive information is accessible via the affected application.
Mitigation Recommendations
European organizations should immediately audit their use of the RuoYi framework, specifically checking for versions 4.8.0 and 4.8.1. In the absence of an official patch, developers must implement strict input validation and output encoding in the addSave function of SysNoticeController.java to neutralize malicious scripts. Employing security libraries or frameworks that automatically handle XSS prevention is recommended. Additionally, implementing Content Security Policy (CSP) headers can mitigate the impact of injected scripts by restricting script execution sources. Organizations should also conduct thorough penetration testing and code reviews to identify similar vulnerabilities elsewhere in their applications. User awareness training to recognize suspicious links or inputs can reduce the likelihood of successful exploitation. Monitoring web application logs for unusual input patterns or error messages related to the vulnerable endpoint can help detect attempted attacks early.
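Hardening along the lines the advisory suggests, as an added example that is not RuoYi project code: the plain-text notice title is HTML-encoded and the rich-text body is reduced to an allowlist of formatting tags with jsoup, and the caller learns whether anything was stripped so it can log the submission. It assumes Java 17, jsoup (org.jsoup:jsoup) on the classpath, and that the title and content strings are taken from the notice posted to addSave; the class and record names are assumptions.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/** Added example, not RuoYi's own code: cleans notice fields before they are persisted. */
public final class NoticeInputGuard {

    /** Safe values plus a hint that the submission differed from what was stored. */
    public record Cleaned(String title, String content, boolean modified) {}

    // Plain-text field: encode the five HTML metacharacters so a browser renders them literally.
    static String encodeForHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&' -> sb.append("&amp;");
                case '<' -> sb.append("&lt;");
                case '>' -> sb.append("&gt;");
                case '"' -> sb.append("&quot;");
                case '\'' -> sb.append("&#x27;");
                default -> sb.append(c);
            }
        }
        return sb.toString();
    }

    // Rich-text field: keep only the tags in jsoup's basic allowlist. Script elements,
    // event-handler attributes and javascript: URLs are not in that list and are dropped.
    static String sanitizeRichText(String html) {
        return Jsoup.clean(html, Safelist.basic());
    }

    public static Cleaned clean(String rawTitle, String rawContent) {
        String rawT = rawTitle == null ? "" : rawTitle;
        String rawC = rawContent == null ? "" : rawContent;
        String title = encodeForHtml(rawT);
        String content = sanitizeRichText(rawC);
        // jsoup also normalises markup, so "modified" is a logging hint, not proof of an attack.
        boolean modified = !title.equals(rawT) || !content.equals(rawC);
        return new Cleaned(title, content, modified);
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for a notice submitted to addSave.
        Cleaned c = clean("Maintenance <b>tonight</b>",
                          "<p>Hi <b onclick=\"steal()\">there</b></p><script>steal()</script>");
        System.out.println("title   : " + c.title());
        System.out.println("content : " + c.content());
        System.out.println("modified: " + c.modified());
    }
}
```

The modified flag is the hook for the log monitoring the advisory recommends: a notice whose content changed under sanitization is worth recording with the submitting account and source address.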
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-19T14:08:19.083Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 687d1647a83201eaac03681c
Added to database: 7/20/2025, 4:16:07 PM
Last enriched: 7/28/2025, 12:58:44 AM
Last updated: 10/19/2025, 5:47:41 AM