Cyber Posture

CVE-2025-1226

MediumPublic PoC

Published: 12 February 2025

Published
12 February 2025
Modified
26 August 2025
KEV Added
Patch
CVSS Score 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0018 39.0th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-1226 is a vulnerability affecting ywoa versions up to 2024.07.03, specifically in the unknown code of the file /oa/setup/setup.jsp. It involves improper authorization, mapped to CWE-266 and CWE-285, and has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The issue allows remote manipulation and has been declared critical despite the medium CVSS rating.

Unauthenticated remote attackers (PR:N) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N), achieving a low impact on confidentiality (C:L) with no integrity or availability disruption (I:N/A:N). The exploit has been publicly disclosed and may be used by attackers targeting affected instances.

Advisories recommend upgrading to ywoa version 2024.07.04 to address the issue. Relevant references include the issue tracker at https://gitee.com/r1bbit/yimioa/issues/IBI7PG and VulDB entries at https://vuldb.com/?ctiid.295216 and https://vuldb.com/?id.295216.

Details

CWE(s)
CWE-266CWE-285NVD-CWE-noinfo

Affected Products

r1bbit
yimioa
≤ 2024-07-04

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

CVE-2025-1226 is an improper authorization vulnerability in the public-facing web application endpoint /oa/setup/setup.jsp, exploitable remotely without authentication, directly enabling T1190: Exploit Public-Facing Application.

References