CVE-2025-8847 is a cross-site scripting (XSS) vulnerability identified in the yangzongzhuan RuoYi software, specifically affecting versions 4.8.0 and 4.8.1. The vulnerability resides in the Edit function of the /system/notice/edit endpoint, where the parameters noticeTitle and noticeContent are improperly sanitized. This flaw allows an attacker to inject malicious scripts that execute in the context of a victim's browser when they view the manipulated notice content. The vulnerability is remotely exploitable without requiring authentication, although user interaction is necessary for the malicious script to execute (e.g., a user viewing the affected notice). The CVSS 4.0 base score is 5.1, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges required, but user interaction is needed. The impact primarily affects confidentiality and integrity at a low level, with limited availability impact. The vulnerability does not require special conditions such as scope changes or elevated privileges, making it accessible to a broad range of attackers. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of exploitation. The lack of official patches or mitigation guidance from the vendor at the time of publication further elevates the urgency for affected organizations to implement compensating controls.

For European organizations using yangzongzhuan RuoYi versions 4.8.0 or 4.8.1, this XSS vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed in the context of authenticated users. This can lead to data leakage, unauthorized access to sensitive information, or manipulation of internal notices and communications. Given that RuoYi is a popular Java-based rapid development platform used in enterprise applications, the vulnerability could affect internal business applications, portals, or intranet systems. The impact is particularly significant for organizations relying on RuoYi for critical internal communications or workflows, as attackers could leverage the XSS flaw to conduct phishing attacks or implant persistent malicious scripts. While the vulnerability does not directly compromise system availability, the potential for data integrity and confidentiality breaches can disrupt business operations and damage organizational reputation. Additionally, compliance with GDPR and other European data protection regulations may be jeopardized if personal data is exposed or mishandled due to exploitation of this vulnerability.

To mitigate CVE-2025-8847, European organizations should prioritize upgrading to a patched version of RuoYi once available. In the absence of an official patch, immediate steps include implementing strict input validation and output encoding on the noticeTitle and noticeContent parameters to neutralize malicious scripts. Web application firewalls (WAFs) can be configured with custom rules to detect and block typical XSS payloads targeting the /system/notice/edit endpoint. Additionally, organizations should enforce Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regular security audits and code reviews focusing on input handling in RuoYi applications are recommended to identify and remediate similar vulnerabilities. User awareness training should be conducted to recognize suspicious notices or unexpected behavior in internal applications. Finally, monitoring logs for unusual activity related to the affected endpoint can help detect attempted exploitation attempts early.