Path Traversal Vulnerability in Yonyou YonBIP MA2.7
CVE-2025-3562
Key Information:
- Vendor
- Yonyou
- Status
- Yonbip
- Vendor
- CVE Published:
- 14 April 2025
Badges
Summary
A path traversal vulnerability has been identified in Yonyou's YonBIP MA2.7, specifically in the FileInputStream function located in /mobsm/common/userfile. This flaw allows attackers to manipulate the argument path, potentially leading to unauthorized access to sensitive files on the server. The vulnerability can be exploited remotely, posing a significant risk to users. Despite the notification to the vendor regarding the issue, no response has been documented, leaving systems potentially exposed to exploitation.
Affected Version(s)
YonBIP MA2.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved