Cyber Resilience

CVE-2025-1226

MediumPublic PoC

Published: 12 February 2025

Published
12 February 2025
Modified
26 August 2025
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0018 39.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1226 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in R1Bbit Yimioa. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-1226 is a vulnerability affecting ywoa versions up to 2024.07.03, specifically in the unknown code of the file /oa/setup/setup.jsp. It involves improper authorization, mapped to CWE-266 and CWE-285, and has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The issue allows remote manipulation and has been declared critical despite the medium CVSS rating.

Unauthenticated remote attackers (PR:N) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N), achieving a low impact on confidentiality (C:L) with no integrity or availability disruption (I:N/A:N). The exploit has been publicly disclosed and may be used by attackers targeting affected instances.

Advisories recommend upgrading to ywoa version 2024.07.04 to address the issue. Relevant references include the issue tracker at https://gitee.com/r1bbit/yimioa/issues/IBI7PG and VulDB entries at https://vuldb.com/?ctiid.295216 and https://vuldb.com/?id.295216.

EU & UK References

Vulnerability details

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been…

more

disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-1226 is an improper authorization vulnerability in the public-facing web application endpoint /oa/setup/setup.jsp, exploitable remotely without authentication, directly enabling T1190: Exploit Public-Facing Application.

CVEs Like This One

CVE-2025-1216Same product: R1Bbit Yimioa
CVE-2025-1224Same product: R1Bbit Yimioa
CVE-2025-1227Same product: R1Bbit Yimioa
CVE-2025-25585Same product: R1Bbit Yimioa
CVE-2026-1597Shared CWE-266, CWE-285
CVE-2025-8756Shared CWE-266, CWE-285
CVE-2026-2105Shared CWE-266, CWE-285
CVE-2025-1815Shared CWE-266, CWE-285
CVE-2025-0484Shared CWE-266, CWE-285
CVE-2026-3724Shared CWE-266, CWE-285

Affected Assets

r1bbit
yimioa
≤ 2024-07-04

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and patching of the improper authorization flaw in /oa/setup/setup.jsp by upgrading to ywoa version 2024.07.04.

prevent

Mandates enforcement of approved authorizations for access to system resources like /oa/setup/setup.jsp, directly countering the improper authorization vulnerability.

prevent

Limits and documents permitted actions without identification or authentication, ensuring sensitive setup functionality requires authentication to prevent unauthenticated remote exploitation.

References