What is CVE-2025-1224?

A medium-severity SQL injection vulnerability has been identified in r1bbit's yimioa component. Organizations are advised to upgrade to version 2024.07.04 to mitigate potential risks. Immediate action is recommended to address this vulnerability.

What is the severity of CVE-2025-1224?

CVE-2025-1224 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1224 | Medium Vulnerability in r1bbit yimioa

A vulnerability classified as critical was found in yimioa up to version 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Organizations should prioritize upgrading to version 2024.07.04 to address this issue.

The CVSS score for this vulnerability is 5.3, indicating a medium severity level. The attack vector is network-based with low complexity, meaning that attackers with low privileges can exploit the vulnerability without user interaction. Risk to organizations includes potential unauthorized data access and integrity issues.

Organizations should address this vulnerability in their priority patch cycle. Regular vulnerability assessments and timely patch management can significantly reduce the risk of exploitation.

For ongoing protection, security teams are encouraged to implement logging and monitoring for any suspicious activities related to the affected component.

Vulnerability Details

The vulnerability is classified as SQL injection, specifically affecting the yimioa component from r1bbit. The official CVE description states that this vulnerability affects the function listNameBySql in the specified XML file. Upgrading to version 2024.07.04 addresses this issue, and organizations are recommended to take immediate action.

The CVSS version 3.1 score indicates a base severity of high, with a score of 8.8 reflecting high confidentiality, integrity, and availability impacts.

Technical Analysis

The root cause of this vulnerability stems from improper input validation, which allows attackers to manipulate SQL queries executed by the application. The attack vector is network-based, meaning it can be exploited remotely. The attack complexity is low, and low privileges are required to exploit the vulnerability, making it accessible to a wider range of attackers.

User interaction is not required, and there is a low impact on confidentiality, integrity, and availability. Security teams should consider the potential blast radius of this vulnerability, as it could affect multiple users and systems.

Risk & Impact Analysis

Real-world deployment risk includes the potential for unauthorized access to sensitive data and the ability for attackers to manipulate database content. Given the application's potential exposure to the internet, organizations must assess their current security posture and address this vulnerability urgently.

The urgency is classified as medium based on the CVSS score, and organizations should schedule remediation as part of their regular patch management cycles.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version of the yimioa component is up to 2024.07.03. Organizations should upgrade to version 2024.07.04 to eliminate this vulnerability.

Mitigation & Remediation

To mitigate this vulnerability, organizations should upgrade to version 2024.07.04 of the yimioa component. If an immediate upgrade is not possible, consider implementing network controls and configuration hardening to limit exposure. Regular monitoring for unusual database access patterns is also recommended.

Organizations should validate remediation through continuous penetration testing to identify similar weaknesses.

Detection Guidance

Organizations should monitor logs for unusual SQL query patterns, particularly around the affected function. Implementing detection mechanisms to identify potential SQL injection attempts can enhance security posture.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the increasing trend of SQL injection attacks across various platforms. Security teams should focus on developing robust input validation mechanisms and continuous security assessments.

For further insights, organizations may refer to our guide on penetration testing methodology and maintain an adaptive security posture.

Additionally, the adoption of a vulnerability management program can significantly improve defense against similar vulnerabilities.

Organizations should also consider implementing API security testing to identify potential vulnerabilities before they can be exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1224: Medium Vulnerability in r1bbit yimioa