CVE-2025-31131

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989	Patch
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*:*

History

09 May 2025, 14:04

Type	Values Removed	Values Added
References	~~() https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989 -~~	() https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989 - Patch
References	~~() https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm -~~	() https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm - Exploit, Vendor Advisory
CPE		cpe:2.3:a:yeswiki:yeswiki::::::::
Summary		(es) YesWiki es un sistema wiki escrito en PHP. El parámetro squelette es vulnerable a ataques de Path Traversal, lo que permite el acceso de lectura a archivos arbitrarios en el servidor. Esta vulnerabilidad se corrigió en la versión 4.5.2.
First Time		Yeswiki Yeswiki yeswiki

01 Apr 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 15:16

Updated : 2025-05-09 14:04

NVD link : CVE-2025-31131

Mitre link : CVE-2025-31131

CVE.ORG link : CVE-2025-31131

JSON object : View

Products Affected

yeswiki

yeswiki

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-31131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-01T15:16:07.790", "references": [{"url": "https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2."}, {"lang": "es", "value": "YesWiki es un sistema wiki escrito en PHP. El par\u00e1metro squelette es vulnerable a ataques de Path Traversal, lo que permite el acceso de lectura a archivos arbitrarios en el servidor. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 4.5.2."}], "lastModified": "2025-05-09T14:04:06.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31021541-CDEA-40ED-A950-1B27A5EC2105", "versionEndExcluding": "4.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}