Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.
References
Link | Resource |
---|---|
https://gitee.com/r1bbit/yimioa/issues/IBI7PG | Exploit Issue Tracking |
Configurations
History
19 Jun 2025, 00:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitee.com/r1bbit/yimioa/issues/IBI7PG - Exploit, Issue Tracking | |
CPE | cpe:2.3:a:r1bbit:yimioa:*:*:*:*:*:*:*:* | |
First Time |
R1bbit
R1bbit yimioa |
19 Mar 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-284 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.3 |
Summary |
|
18 Mar 2025, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-18 15:16
Updated : 2025-06-19 00:16
NVD link : CVE-2025-25585
Mitre link : CVE-2025-25585
CVE.ORG link : CVE-2025-25585
JSON object : View
Products Affected
r1bbit
- yimioa
CWE
CWE-284
Improper Access Control