CVE-2025-70058

HIGH

YMFE yapi 1.12.0 - Improper Certificate Validation

Title source: llm

Description

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

References (3)

[Various Sources] https://gist.github.com/zcxlighthouse/11c53803faf23f607c2787c166e811d4

[Various Sources] https://github.com/YMFE

[Various Sources] https://github.com/YMFE/yapi

Scores

CVSS v3 7.4

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (2)

npm/yapi-vendor 0npm

ymfe/yapi 1.12.0

Published Feb 23, 2026

Tracked Since Feb 23, 2026