
CVE-2025-8847: Cross Site Scripting in yangzongzhuan RuoYi

Severity: Medium
Published: Mon Aug 11 2025 (08/11/2025, 13:02:06 UTC)
Source: CVE Database V5
Vendor/Project: yangzongzhuan
Product: RuoYi

Description

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 08/11/2025, 13:33:11 UTC

Technical Analysis

CVE-2025-8847 is a cross-site scripting (XSS) vulnerability in the yangzongzhuan RuoYi software, specifically affecting versions 4.8.0 and 4.8.1. The vulnerability resides in the Edit function of the /system/notice/edit endpoint, where improper sanitization or validation of user-supplied input in the parameters noticeTitle and noticeContent allows an attacker to inject malicious scripts. Because the vulnerability can be exploited remotely without authentication, an attacker can send a crafted request that, when processed by the vulnerable endpoint, results in the execution of arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, defacement, or redirection to malicious sites. The CVSS 4.0 base score is 5.1 (medium severity), reflecting the network attack vector, low attack complexity and no privileges required, but with user interaction required (the victim must view the malicious content). The vulnerability does not impact confidentiality directly but has limited impact on integrity and availability. Although no public exploits are currently known in the wild, the disclosure of the vulnerability and the availability of technical details increase the risk of exploitation. No official patches or mitigations have been linked yet, so affected users must rely on other defensive measures until a fix is released.

Potential Impact

For European organizations using yangzongzhuan RuoYi versions 4.8.0 or 4.8.1, this vulnerability poses a risk primarily to web application security and user trust. Successful exploitation could allow attackers to execute malicious scripts in users' browsers, potentially leading to session hijacking, credential theft, or phishing attacks. This is particularly concerning for organizations handling sensitive or regulated data, such as financial institutions, healthcare providers, or government agencies, where user session integrity is critical. The vulnerability could also be leveraged to spread malware or conduct targeted attacks against employees or customers. While the direct impact on system availability or data integrity is limited, the reputational damage and potential regulatory consequences (e.g., GDPR violations due to compromised user data) could be significant. The remote and unauthenticated nature of the exploit increases the attack surface, especially for public-facing applications. European organizations with limited web application security monitoring or outdated RuoYi deployments are at higher risk.

Mitigation Recommendations

1. Immediate mitigation should include implementing strict input validation and output encoding on the noticeTitle and noticeContent parameters to neutralize malicious scripts.
2. Employ a Web Application Firewall (WAF) with rules targeting common XSS attack patterns to block exploit attempts at the network edge.
3. Restrict access to the /system/notice/edit endpoint to authorized users and consider adding multi-factor authentication to reduce unauthorized usage.
4. Conduct a thorough audit of all user input handling in the RuoYi application to identify and remediate similar vulnerabilities.
5. Monitor web server and application logs for suspicious requests targeting the vulnerable endpoint.
6. Educate users about the risks of clicking on suspicious links or interacting with untrusted content.
7. Stay alert for official patches or updates from yangzongzhuan and apply them promptly once available.
8. Consider deploying Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers.
9. If feasible, isolate or sandbox the affected application components to limit potential damage from exploitation.
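Mitigations 1 and 5 above can be illustrated together. The following is an added example, not RuoYi's own code or filter: it output-encodes the two advisory-named fields so a browser renders them as text, and it flags requests to /system/notice/edit whose noticeTitle or noticeContent carry markup or script markers. The heuristic pattern, the request records and the field values are constructed for this example.

```python
"""Added example (not RuoYi code): output encoding and request flagging
for the noticeTitle/noticeContent parameters named in CVE-2025-8847."""
import html
import re
from typing import Dict, List, Tuple

NOTICE_EDIT_PATH = "/system/notice/edit"          # endpoint from the advisory
NOTICE_FIELDS = ("noticeTitle", "noticeContent")  # parameters from the advisory

# Heuristic markers of markup/script injection in values that should be
# plain text. Constructed for this example; not RuoYi's own XSS filter.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed)\b"  # active HTML tags
    r"|javascript\s*:"                                  # script URL scheme
    r"|\bon[a-z]+\s*=",                                 # inline event handlers
    re.IGNORECASE,
)


def encode_for_html(value: str) -> str:
    """Output-encode a notice field so the browser renders it as text, not markup."""
    return html.escape(value, quote=True)


def flag_notice_request(path: str, params: Dict[str, str]) -> List[str]:
    """Return the notice fields of a /system/notice/edit request that look injected."""
    if path != NOTICE_EDIT_PATH:
        return []
    return [f for f in NOTICE_FIELDS if SUSPICIOUS.search(params.get(f, ""))]


# Constructed request records, as a request-logging filter or WAF would see them.
SAMPLE_REQUESTS = [
    {"path": "/system/notice/edit",
     "params": {"noticeTitle": "Maintenance window", "noticeContent": "Friday 22:00 UTC"}},
    {"path": "/system/notice/edit",
     "params": {"noticeTitle": "<script>alert('xss')</script>", "noticeContent": "hello"}},
    {"path": "/system/user/edit",
     "params": {"noticeTitle": "<script>x</script>"}},  # other endpoint: out of scope here
]


def scan_requests(requests) -> List[Tuple[str, List[str]]]:
    """List (path, flagged fields) for every request that trips the check."""
    hits = []
    for req in requests:
        fields = flag_notice_request(req["path"], req["params"])
        if fields:
            hits.append((req["path"], fields))
    return hits


if __name__ == "__main__":
    for path, fields in scan_requests(SAMPLE_REQUESTS):
        print(f"suspicious request to {path}: fields {fields}")
    print(encode_for_html("<script>alert('xss')</script>"))
```

The flagging is a heuristic for monitoring, not a substitute for encoding every rendered field; `encode_for_html` is the control that actually neutralizes the injected markup.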


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-10T15:59:30.302Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6899ed76ad5a09ad0025a098

Added to database: 8/11/2025, 1:17:42 PM

Last enriched: 8/11/2025, 1:33:11 PM

Last updated: 8/11/2025, 1:33:11 PM
