Cyber Resilience

CVE-2025-70059

HighDDoS

Published: 09 March 2026

Published
09 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0006 18.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70059 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Ymfe Yapi. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2025-70059 is an uncontrolled resource consumption vulnerability (CWE-400) discovered in YMFE yapi version 1.12.0. This flaw enables attackers to trigger a denial of service condition by exhausting resources. The vulnerability was published on 2026-03-09T15:15:52.333 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no requirement for user interaction. Successful exploitation leads to a denial of service, disrupting service availability without compromising confidentiality or integrity.

Mitigation details and additional information are available in the following references: https://gist.github.com/zcxlighthouse/e6090e95643c1b1cd4ecc2088c4e77ef, https://github.com/YMFE, and https://github.com/YMFE/yapi.

EU & UK References

Vulnerability details

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Uncontrolled resource consumption (CWE-400) in a remotely accessible application directly enables application or system exploitation to achieve denial of service via resource exhaustion.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70058Same product: Ymfe Yapi
CVE-2024-56921Shared CWE-400
CVE-2026-33538Shared CWE-400
CVE-2026-0517Shared CWE-400
CVE-2026-6051Shared CWE-400
CVE-2026-21945Shared CWE-400
CVE-2026-33750Shared CWE-400
CVE-2024-33618Shared CWE-400
CVE-2025-69534Shared CWE-400
CVE-2025-29487Shared CWE-400

Affected Assets

ymfe
yapi
1.12.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces resource allocation constraints by process or user to prevent uncontrolled resource consumption and exhaustion in YMFE yapi.

prevent

Provides denial-of-service protections at system entry and exit points to block remote unauthenticated resource exhaustion attacks.

prevent

Validates information inputs to the system to mitigate malformed or excessive requests that trigger resource consumption in yapi.

References