CVE-2025-3562
published 2025-04-14CVE-2025-3562: A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the…
PriorityP427medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.49%
38.5th percentile
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yonyou | yonbip | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
cisa8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-39mx-m73c-fppf: A vulnerability was found in Yonyou YonBIP MA2
ghsa_unreviewed·2025-04-14
CVE-2025-3562 [MEDIUM] CWE-22 GHSA-39mx-m73c-fppf: A vulnerability was found in Yonyou YonBIP MA2
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CISA
TP-Link Multiple Routers Command Injection Vulnerability
cisa·2025-06-16·CVSS 8.8
CVE-2023-33538 [HIGH] CWE-77 TP-Link Multiple Routers Command Injection Vulnerability
Vulnerability: TP-Link Multiple Routers Command Injection Vulnerability
Affected: TP-Link Multiple Routers
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.tp-link.com/nordic/support/faq/3562/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-33538
Remediation Due Date: 2025-07-07
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-14
Published