
CVE-2025-1216: Medium Vulnerability in r1bbit yimioa

A medium-severity SQL injection vulnerability has been discovered in r1bbit's yimioa component, affecting all versions prior to 2024.07.04. Immediate action is recommended to mitigate potential risks.

MEDIUM · Public Exploit · CVSS 5.3 · Published February 12, 2025


A vulnerability, which was classified as critical, has been found in yimioa up to version 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Organizations should prioritize patching immediately.

Upgrading to version 2024.07.04 addresses this issue. Organizations using affected versions should take immediate action to prevent exploitation.

Risk to organizations includes the potential for unauthorized access to sensitive data through SQL injection. Given the medium severity of this vulnerability, it is crucial for organizations to assess their exposure and apply the necessary patches.

Public exploit availability increases the urgency for organizations to remediate this vulnerability to mitigate any potential risks.

Vulnerability Details

This vulnerability allows for SQL injection via the sort argument in the selectNoticeList function. It has been classified with a CVSS score of 5.3 (medium severity) under CVSS version 4.0, indicating a network attack vector with low complexity and low privileges required.

The affected component is yimioa by r1bbit, with the vulnerability identified in versions prior to 2024.07.04. The last modification date is August 26, 2025.

CWE classifications for this vulnerability include CWE-89 (SQL Injection) and CWE-74 (Injection).

Technical Analysis

The root cause of this vulnerability stems from improper input validation of the sort argument, which allows attackers to manipulate SQL queries executed by the application. This can lead to unauthorized data disclosure or modification.

The attack vector is network-based, requiring no user interaction and minimal privileges, which makes it easier for attackers to exploit. The attack complexity is low, allowing for straightforward exploitation.

In terms of impact, the confidentiality, integrity, and availability impacts are classified as low, but the potential for exploitation is significant, given the public availability of the exploit.

Risk & Impact Analysis

Organizations utilizing the affected version of yimioa face risks of SQL injection attacks that could lead to unauthorized access to their databases and sensitive user information. The blast radius for this vulnerability is significant, given the potential for widespread exploitation in networked environments.

The urgency for organizations to address this vulnerability is high due to the medium severity classification and the public disclosure of the exploit. Immediate remediation is advised to protect against potential data breaches.

Exploitation Status

Signal: Status
Known Exploit: Yes
Public PoC: No
Actively Exploited: No
Ransomware Use: No

Affected Versions

All versions of yimioa prior to 2024.07.04 are affected by this vulnerability.

Mitigation & Remediation

Organizations should upgrade to version 2024.07.04 to remediate this vulnerability. If an upgrade is not possible, consider implementing input validation to sanitize user inputs and prevent SQL injection attacks. Additionally, regular security assessments should be conducted.

For further assistance, organizations may consider engaging in penetration testing services to identify similar weaknesses.
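One way to implement the input validation recommended above when an upgrade has to wait, as an added example that is not yimioa's own code or its 2024.07.04 fix: the client-supplied sort value is mapped through an allowlist, so only constant strings can reach the query. It assumes the value ends up in an ORDER BY clause; the class name, sort keys and column names are hypothetical (Java 9+).

```java
import java.util.Map;

/** Added example: allowlist for a client-supplied sort argument. */
public final class NoticeSort {
    // Client-facing sort keys mapped to fixed column names (hypothetical schema).
    private static final Map<String, String> COLUMNS = Map.of(
            "id", "id",
            "title", "title",
            "createDate", "create_date");

    private static final String DEFAULT_ORDER = "create_date DESC";

    private NoticeSort() {}

    /**
     * Returns an ORDER BY fragment built only from constants.
     * Accepted input: "<key>" or "<key> asc|desc"; anything else yields the default.
     */
    public static String toOrderBy(String sort) {
        if (sort == null) return DEFAULT_ORDER;
        String[] parts = sort.trim().split("\\s+");
        if (parts.length > 2) return DEFAULT_ORDER;      // extra tokens: not a plain sort
        String column = COLUMNS.get(parts[0]);
        if (column == null) return DEFAULT_ORDER;        // unknown key, empty string, punctuation
        String direction = "ASC";
        if (parts.length == 2) {
            if (parts[1].equalsIgnoreCase("desc")) direction = "DESC";
            else if (!parts[1].equalsIgnoreCase("asc")) return DEFAULT_ORDER;
        }
        return column + " " + direction;
    }

    public static void main(String[] args) {
        // Constructed inputs: two well-formed, two that fall back to the default.
        String[] samples = {"title", "createDate desc", "title, (select 1)", "id desc limit 1"};
        for (String s : samples) {
            System.out.printf("%-20s -> %s%n", s, toOrderBy(s));
        }
    }
}
```

The caller passes the returned fragment to the data layer instead of the raw request value, so the request can select among predefined orderings but cannot contribute SQL text.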

Detection Guidance

Monitoring logs for anomalies related to the selectNoticeList function and unusual SQL queries can help detect potential exploitation attempts. Additionally, reviewing access logs for unauthorized access patterns can be beneficial.
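A sketch of the log review described above, as an added example that is not part of the original advisory: it flags access-log lines whose sort query parameter is anything other than a plain identifier with an optional direction. It assumes the parameter appears in the logged request line; the log lines are constructed and the request path is a placeholder, since the advisory does not give the endpoint.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: flag requests whose sort parameter is not a plain identifier. */
public final class SortParamAudit {
    // Raw (still URL-encoded) value of a "sort" query parameter in a request line.
    private static final Pattern SORT_PARAM = Pattern.compile("[?&]sort=([^&\\s\"]*)");
    // Expected shape after decoding: identifier, optionally followed by asc/desc.
    private static final Pattern EXPECTED =
            Pattern.compile("(?i)[a-z_][a-z0-9_]{0,63}(\\s+(asc|desc))?");

    static boolean isExpected(String rawValue) {
        try {
            String value = URLDecoder.decode(rawValue, StandardCharsets.UTF_8).trim();
            return EXPECTED.matcher(value).matches();
        } catch (IllegalArgumentException e) {
            return false; // malformed percent-encoding is itself worth a look
        }
    }

    /** Returns the log lines that carry at least one unexpected sort value. */
    public static List<String> suspicious(List<String> logLines) {
        List<String> hits = new ArrayList<>();
        for (String line : logLines) {
            Matcher m = SORT_PARAM.matcher(line);
            while (m.find()) {
                if (!isExpected(m.group(1))) {
                    hits.add(line);
                    break;
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed access-log lines; "/PLACEHOLDER/notice/list" is not a real path.
        List<String> log = List.of(
            "203.0.113.7 - - [12/Feb/2025:10:01:02 +0000] \"GET /PLACEHOLDER/notice/list?page=1&sort=create_date+desc HTTP/1.1\" 200 5120",
            "203.0.113.9 - - [12/Feb/2025:10:01:09 +0000] \"GET /PLACEHOLDER/notice/list?sort=id%2C%28select+1%29 HTTP/1.1\" 200 5120",
            "203.0.113.9 - - [12/Feb/2025:10:01:11 +0000] \"GET /PLACEHOLDER/notice/list?sort=title HTTP/1.1\" 200 5098");
        suspicious(log).forEach(System.out::println); // prints only the second line
    }
}
```

This only sees values that reach the web server's request log; a sort value sent in a POST body needs the same check at the application or WAF layer.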

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability is that it highlights the necessity for proactive security measures, including regular updates and security assessments. Organizations should learn from such vulnerabilities to strengthen their application security posture.

For organizations focusing on security, it is essential to build a robust vulnerability management program that addresses risks effectively.

Moreover, adopting best practices in penetration testing methodology can further mitigate the risks associated with vulnerabilities like this.

Finally, integrating continuous security practices, as outlined in the continuous security testing framework, will provide ongoing protection against emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
