CVE-2025-70059
Published: 09 March 2026
Summary
CVE-2025-70059 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Ymfe Yapi. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2025-70059 is an uncontrolled resource consumption vulnerability (CWE-400) discovered in YMFE yapi version 1.12.0. This flaw enables attackers to trigger a denial of service condition by exhausting resources. The vulnerability was published on 2026-03-09T15:15:52.333 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no requirement for user interaction. Successful exploitation leads to a denial of service, disrupting service availability without compromising confidentiality or integrity.
Mitigation details and additional information are available in the following references: https://gist.github.com/zcxlighthouse/e6090e95643c1b1cd4ecc2088c4e77ef, https://github.com/YMFE, and https://github.com/YMFE/yapi.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208415
Vulnerability details
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Uncontrolled resource consumption (CWE-400) in a remotely accessible application directly enables application or system exploitation to achieve denial of service via resource exhaustion.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces resource allocation constraints by process or user to prevent uncontrolled resource consumption and exhaustion in YMFE yapi.
Provides denial-of-service protections at system entry and exit points to block remote unauthenticated resource exhaustion attacks.
Validates information inputs to the system to mitigate malformed or excessive requests that trigger resource consumption in yapi.