CVE-2025-66744

HIGH EXPLOITED NUCLEI

Yonyou YonBIP v3 and before - Path Traversal via LoginWithV8 Interface

Title source: llm

Exploitation Summary

CVE-2025-66744 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system.

Nuclei Templates (1)

Yonyou YonBIP - Path Traversal
HIGH VERIFIED by DhiyaneshDk
FOFA: body="YonBIP | 数据应用服务"

Scores

CVSS v3 7.5
EPSS 0.0300
EPSS Percentile 86.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2026-03-30
CWE CWE-22
Status published
Published Jan 09, 2026
Tracked Since Feb 18, 2026