CVE-2025-31131

HIGH NUCLEI

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

Title source: nuclei

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-31131. PoCs published by Al Baradi Joy, MuhammadWaseem29, gmh5225. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated path traversal vulnerability in YesWiki versions before 4.5.2. It abuses the 'squelette' parameter to read arbitrary files from the server, such as /etc/passwd, by injecting traversal sequences.

Description

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

Exploits (3)

exploitdb WORKING POC
by Al Baradi Joy · text · webapps · multiple
https://www.exploit-db.com/exploits/52135

This exploit demonstrates an unauthenticated path traversal vulnerability in YesWiki versions before 4.5.2. It abuses the 'squelette' parameter to read arbitrary files from the server, such as /etc/passwd, by injecting traversal sequences.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: YesWiki < 4.5.2
No auth needed
Prerequisites: Network access to the target YesWiki instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC · 1 star
by MuhammadWaseem29 · poc
https://github.com/MuhammadWaseem29/CVE-2025-31131

This is a functional exploit for CVE-2025-31131, an unauthenticated path traversal vulnerability in YesWiki < 4.5.2. The exploit reads arbitrary files via the `squelette` parameter and includes both a Python script for automated scanning and manual Burp Suite instructions.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: YesWiki < 4.5.2
No auth needed
Prerequisites: Target running vulnerable YesWiki version · Network access to the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by gmh5225 · poc
https://github.com/gmh5225/Blackash-CVE-2025-31131

This repository contains a Python-based exploit for CVE-2025-31131, a path traversal vulnerability in YesWiki versions prior to 4.5.2. The exploit allows unauthenticated attackers to read arbitrary files on the server by manipulating the 'squelette' parameter.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: YesWiki < 4.5.2
No auth needed
Prerequisites: Target running vulnerable YesWiki version · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Yeswiki < 4.5.2 - Unauthenticated Path Traversal
HIGH · VERIFIED · by iamnoooob, rootxharsh, pdresearch
Shodan: html:"yeswiki"

Scores

CVSS v3 8.6
EPSS 0.1204
EPSS Percentile 94.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE: CWE-22
Status: published
Products (2):
yeswiki/yeswiki < 4.5.2
yeswiki/yeswiki 0 - 4.5.2 (Packagist)
Published Apr 01, 2025
Tracked Since Feb 18, 2026