CVE-2025-31131

Published Apr 1, 2025

Last updated 4 days ago

CVSS high 8.6
PHP
YesWiki

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-31131 is a path traversal vulnerability in YesWiki, a PHP-based wiki system. The 'squelette' parameter is susceptible to path traversal: by manipulating it, an attacker can gain unauthorized read access to arbitrary files on the server, potentially exposing configuration data, passwords, database records, log data, source code, and program scripts. This can lead to a complete loss of confidentiality. The vulnerability affects YesWiki versions prior to 4.5.2.

Description

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity: HIGH

Weaknesses

CWE-22 (source: security-advisories@github.com)

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 16