CVE-2025-25585

High CVSS: 7.3

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.

Vendor

R1bbit

Product

Yimioa

CWE

CWE-284

Yayın Tarihi

2025-03-18 15:16:00

Güncelleme

2025-06-19 00:16:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Yimioa HIGH R1bbit 2025

Referanslar

https://gitee.com/r1bbit/yimioa/issues/IBI7PG

Benzer Kayıtlar

Medium

CVE-2025-25586

yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources…

Medium

CVE-2025-25582

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /…

Medium

CVE-2025-25580

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml…

Medium

CVE-2025-25590

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressD…

Medium

CVE-2025-1226

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown…

Medium

CVE-2025-1227

A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selec…