CVE-2025-10473

6.3 MEDIUM

📋 TL;DR

RuoYi's SqlUtil.filterKeyword is a keyword denylist the framework uses to screen user-controlled SQL fragments (notably the sort/order-by parameters of its list endpoints) before they are concatenated into queries. In RuoYi versions up to and including 4.8.1 the filter can be passed by crafted input, which then reaches the database as SQL: a classic denylist bypass rather than a missing check. The attack is carried out remotely over the web interface. One caveat on the "unauthenticated" flag below: a 6.3 base score is lower than a network-reachable, no-privileges, no-interaction SQL injection with the same low C/I/A impact would receive under CVSS 3.1 (7.3), so confirm whether a logged-in account is required before treating this as a pre-auth issue; in either case every account holder should be assumed able to trigger it.

💻 Affected Systems

Products:
  • yangzongzhuan RuoYi
Versions: Up to and including 4.8.1
Operating Systems: All platforms running RuoYi
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the filterKeyword function in /com/ruoyi/common/utils/sql/SqlUtil.java (ruoyi-common module); every deployment that uses the stock SqlUtil is exposed, including forks that have not replaced it.

📦 What is this software?

RuoYi (yangzongzhuan/RuoYi) is an open-source Java back-office management framework built on Spring Boot and MyBatis. It ships ready-made user, role, menu, dictionary, scheduled-job and code-generation modules and is widely used as the starting point for enterprise admin consoles, so the vulnerable SqlUtil class ends up in many downstream applications that never mention RuoYi by name.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the application database: reading or altering any table reachable by the application's database account, and, where that account holds file or procedure privileges (for example MySQL FILE or UDF loading), code execution on the database host.

🟠

Likely Case

Unauthorized data access, data exfiltration, and potential privilege escalation within the database.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Reported as yes (not obviously consistent with the 6.3 base score; verify before assuming pre-auth)
Complexity: LOW

A public proof of concept has been published on GitHub and the issue is exploitable remotely through the web interface; no special tooling is needed beyond an HTTP client.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.8.2 or later

Vendor Advisory: https://github.com/yangzongzhuan/RuoYi

Restart Required: Yes

Instructions:

1. Update RuoYi to version 4.8.2 or later (rebuild any fork on the patched ruoyi-common).
2. Restart the application server so the new SqlUtil class is loaded.
3. Confirm the deployed SqlUtil.java matches the upstream patched file; a version bump alone proves nothing if the class was copied into a fork and never updated.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Validate sort and filter parameters (orderByColumn, isAsc and any other value that ends up inside SQL text) against an allowlist of known column names and fixed direction tokens before they reach filterKeyword. A denylist of keywords is exactly what failed here, so adding more keywords to it is not a fix.

WAF Rule (applies to: all platforms)

Deploy WAF rules that inspect the orderByColumn and isAsc query parameters of RuoYi list endpoints for SQL metacharacters (parentheses, quotes, comment sequences) and keywords. Generic SQL-injection signatures tuned for SELECT/UNION in request bodies may miss ORDER BY payloads, which need neither.

🧯 If You Can't Patch

  • Replace keyword denylisting with allowlisting for every user-controlled SQL fragment. Bind parameters where the value is data; where the value is an identifier (an ORDER BY column or direction), which cannot be bound, map the client's sort key to a fixed column name and reject anything not in the map.
  • Run the application with a database account limited to the tables and operations it needs, with no FILE, procedure-creation or administrative privileges, so a successful injection cannot escalate to the host.
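The following Python is an added illustration for this page, not RuoYi project code, of why the denylist approach behind filterKeyword is fragile and what the allowlist alternative looks like. DENYLIST is a constructed, deliberately incomplete keyword list (not the one in SqlUtil.java, whose other checks also differ), SORTABLE and the sys_user query are assumed names, and PROBE is a generic boolean-inference ORDER BY payload, not the published PoC for CVE-2025-10473.

```python
"""Denylist vs allowlist validation of a user-controlled ORDER BY fragment.

Added illustration for this page, not RuoYi project code. DENYLIST is a
constructed, deliberately incomplete keyword list (not the one in
SqlUtil.java), and PROBE is a generic boolean-inference payload, not the
published PoC for CVE-2025-10473.
"""

# Constructed denylist in the style of a keyword filter (illustrative only).
DENYLIST = ("select", "insert", "update", "delete", "drop", "union",
            "exec", "sleep", "benchmark", "--", "/*")


def denylist_allows(fragment: str) -> bool:
    """Substring denylist check: True if no forbidden keyword appears."""
    lowered = fragment.lower()
    return not any(keyword in lowered for keyword in DENYLIST)


# Allowlist: the only sort keys a client may send, mapped to real columns.
SORTABLE = {
    "createTime": "create_time",
    "userName": "user_name",
    "loginDate": "login_date",
}
DIRECTIONS = {"asc": "ASC", "desc": "DESC", "ascending": "ASC", "descending": "DESC"}


def allowlist_order_by(field: str, direction: str) -> str:
    """Build an ORDER BY clause from known identifiers only; reject anything else."""
    if field not in SORTABLE:
        raise ValueError(f"unsortable field: {field!r}")
    if direction.lower() not in DIRECTIONS:
        raise ValueError(f"bad sort direction: {direction!r}")
    return f"{SORTABLE[field]} {DIRECTIONS[direction.lower()]}"


def allowlist_allows(field: str, direction: str) -> bool:
    """Boolean wrapper around allowlist_order_by for comparison with the denylist."""
    try:
        allowlist_order_by(field, direction)
        return True
    except ValueError:
        return False


def build_query(order_by: str) -> str:
    """The vulnerable pattern: a string fragment concatenated into the query text."""
    return f"SELECT user_id, user_name FROM sys_user ORDER BY {order_by}"


# Constructed inputs.
BENIGN = "create_time desc"
# Contains none of the denylisted words, yet changes the sort order according
# to a condition on another column, letting an attacker infer data bit by bit.
PROBE = "(CASE WHEN SUBSTR(password, 1, 1) = 'a' THEN user_id ELSE create_time END)"

if __name__ == "__main__":
    for name, fragment in (("benign", BENIGN), ("probe", PROBE)):
        print(f"{name:6} denylist allows: {denylist_allows(fragment)}")
        print(f"       query: {build_query(fragment)}")
    print("allowlist accepts createTime/desc:", allowlist_allows("createTime", "desc"))
    print("allowlist accepts probe:", allowlist_allows(PROBE, "asc"))
```

The denylist passes PROBE because completeness is the filter's only defence; the allowlist never sees the attacker's string as SQL at all, because the client chooses among keys and the server chooses the identifiers. That shape also survives future SQL dialect features, which a keyword list does not.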

🔍 How to Verify

Check if Vulnerable:

An instance is vulnerable if it runs RuoYi 4.8.1 or earlier (see Check Version). For forks and modified builds, diff the deployed SqlUtil.java against the upstream patched file rather than trusting the version string, since the class is often copied and left untouched.

Check Version:

Read the ruoyi.version key in ruoyi-admin/src/main/resources/application.yml (or the built copy at ruoyi-admin/target/classes/application.yml), or the project version in the top-level pom.xml.

Verify Fix Applied:

Confirm the version is 4.8.2 or later and that the deployed SqlUtil.java matches upstream; then send a list request whose orderByColumn carries SQL metacharacters (parentheses, a quote, a comment sequence) and confirm the application rejects it instead of returning results or a database error.

📡 Detection & Monitoring

Log Indicators:

  • ORDER BY clauses in database query logs containing subqueries, CASE expressions, SLEEP/BENCHMARK or comment sequences
  • Application-log exceptions from SqlUtil (UtilException) rejecting parameters, especially in bursts from one client, which indicate probing of the filter
  • Database syntax errors or unusually slow list requests (time-based inference) on list endpoints

Network Indicators:

  • HTTP requests to RuoYi list endpoints whose orderByColumn or isAsc parameters contain SQL keywords, parentheses, quotes or comment sequences (check after URL-decoding)
  • Database connections or queries from the application server that differ from its normal pattern, such as long-running statements or access to tables the application never reads

SIEM Query:

source="web_logs" AND (url="*orderByColumn=*" OR url="*isAsc=*") AND (url="*%28*" OR url="*(*" OR url="*%27*" OR url="*'*" OR url="*--*" OR url="*select*" OR url="*union*" OR url="*sleep*" OR url="*benchmark*" OR url="*case*")

Notes on the query: filterKeyword and SqlUtil are Java identifiers, not URL paths, so matching them in the request URL finds nothing; the observable signal is the content of the sort parameters that feed the filter. The parentheses around each group matter because AND binds tighter than OR in most SIEM query languages. Match on the decoded URL where your platform supports it, otherwise include both raw and percent-encoded forms as above.
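As an added example for this page (not RuoYi or vendor tooling), the same detection logic expressed in Python over constructed access-log lines, so it can be tested offline before being ported to a SIEM. It assumes, as in RuoYi's list endpoints, that sort order arrives in query parameters named orderByColumn and isAsc; the log lines, IP addresses and paths are constructed samples.

```python
"""Flag suspicious sort parameters in web access logs.

Added example for this page, not RuoYi project or vendor tooling. Assumes the
sort parameters are named orderByColumn and isAsc (as in RuoYi list
endpoints); SAMPLE_LOG is constructed, not captured traffic.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

SORT_PARAMS = ("orderByColumn", "isAsc")
# A legitimate sort expression: column name(s), dots, underscores, digits, a direction.
SAFE_SORT = re.compile(r"^[A-Za-z0-9_., ]{1,100}$")
# Keywords that survive the character check above but have no place in a sort key.
SQL_TOKENS = re.compile(
    r"\b(select|union|sleep|benchmark|case|when|if|extractvalue|updatexml)\b|--|/\*",
    re.IGNORECASE,
)
# Common-log-format line: ip ident user [ts] "METHOD path proto" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_params(request_path: str) -> dict:
    """Return {param: decoded_value} for sort parameters that look like SQL."""
    query = parse_qs(urlsplit(request_path).query, keep_blank_values=True)
    hits = {}
    for name in SORT_PARAMS:
        for raw in query.get(name, []):
            # parse_qs decodes once; decoding again normalises double-encoded payloads.
            value = unquote_plus(raw)
            if not SAFE_SORT.match(value) or SQL_TOKENS.search(value):
                hits[name] = value
    return hits


def scan(lines):
    """Parse each log line and collect requests with suspicious sort parameters."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        hits = suspicious_params(match["path"])
        if hits:
            findings.append({"ip": match["ip"], "ts": match["ts"],
                             "path": match["path"], "params": hits})
    return findings


# Constructed sample log: two normal sorts, three probes from one client, one login.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /system/user/list?pageNum=1&pageSize=10&orderByColumn=createTime&isAsc=descending HTTP/1.1" 200 1532',
    '10.0.0.9 - - [01/Oct/2025:10:00:03 +0000] "GET /monitor/logininfor/list?pageNum=1&pageSize=10&orderByColumn=loginTime&isAsc=ascending HTTP/1.1" 200 2210',
    '203.0.113.7 - - [01/Oct/2025:10:00:05 +0000] "GET /system/user/list?pageNum=1&pageSize=10&orderByColumn=createTime%2C%28select%20sleep%285%29%29&isAsc=asc HTTP/1.1" 500 318',
    '203.0.113.7 - - [01/Oct/2025:10:00:06 +0000] "GET /system/user/list?pageNum=1&pageSize=10&orderByColumn=createTime%20union%20select%201&isAsc=asc HTTP/1.1" 500 318',
    '203.0.113.7 - - [01/Oct/2025:10:00:08 +0000] "GET /system/user/list?pageNum=1&pageSize=10&orderByColumn=createTime%252C%2528select%25201%2529&isAsc=asc HTTP/1.1" 500 318',
    '198.51.100.2 - - [01/Oct/2025:10:00:09 +0000] "POST /login HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ts"], finding["ip"], finding["params"])
```

The second probe ("createTime union select 1") passes the character allowlist, which is why the keyword check is kept alongside it; the third is double-encoded and only reads as SQL after the second decode. When porting this to production, tune SQL_TOKENS against your own column names (a column called "case_id" is fine because of the word boundaries, but check) and alert on the source IP over a window rather than per request.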
