CVE-2025-25585

HIGH

R1bbit Yimioa < 2024.07.04 - Improper Access Control

Title source: rule

Description

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.

Exploits (1)

gitee

by r1bbit · javawriteup

https://gitee.com/r1bbit/yimioa/issues/IBI7PG

View on gitee

References (1)

[Exploit, Issue Tracking] https://gitee.com/r1bbit/yimioa/issues/IBI7PG

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Details

CWE

CWE-284

Status published

Products (1)

r1bbit/yimioa < 2024.07.04

Published Mar 18, 2025

Tracked Since Feb 18, 2026