CVE-2025-24019 is a high-severity vulnerability affecting YesWiki, a PHP-based wiki system, present in versions up to and including 4.4.5. It allows any authenticated user to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host, with no restriction on which part of the filesystem the deletion may target. The consequences are severe: partial data loss and significant defacement or degradation of the website.
Exploiting this vulnerability requires neither elevated privileges nor user interaction, so it is within reach of any account holder. In a standard installation, the FPM process may run as the same user that owns the application's critical PHP files, so a malicious authenticated user could delete essential files such as index.php and cut off access to the wiki entirely.
This vulnerability has been assigned a CVSS score of 7.1, indicating a high level of severity. Organizations running YesWiki should prioritize upgrading immediately to version 4.5.0, which addresses the issue. The risk to organizations includes unauthorized file deletion and loss of data integrity.
Security teams should also consider implementing additional access controls and monitoring mechanisms to detect any unauthorized activities related to file management in YesWiki.
For further context on vulnerabilities and their management, organizations can explore resources on vulnerability management programs and penetration testing methodologies.
This vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly called path traversal): a user-supplied path is used in a file operation without being confined to the directory the application intends to expose. Understanding this root cause is essential for effective remediation and prevention.
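The following is an added illustration of the CWE-22 mitigation this advisory refers to; it is not YesWiki's own code and does not reproduce the vulnerable handler. It assumes a hypothetical scoped deletion feature where the application only ever intends to remove files inside one attachment directory (here `uploads`, a constructed temporary directory). The key control is canonicalising both the base directory and the requested path and then proving containment with a proper common-path test before calling the filesystem, so that `..` segments, symlinks and absolute paths cannot reach a sibling file such as index.php.

```python
import os
import tempfile


class PathScopeError(ValueError):
    """Raised when a requested path resolves outside the permitted directory."""


def resolve_within(base_dir: str, user_path: str) -> str:
    """Resolve user_path against base_dir and reject anything that escapes it.

    Both the base and the candidate are canonicalised with realpath so that
    '..' segments and symlinks are followed before the containment check.
    """
    base = os.path.realpath(base_dir)
    # A scoped operation should only ever receive a relative name, never an
    # absolute filesystem path, so absolute input is refused outright.
    if os.path.isabs(user_path):
        raise PathScopeError(f"absolute path rejected: {user_path!r}")
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath is the robust containment test; a plain startswith() check
    # would wrongly accept '/srv/wiki/files-evil' as a child of '/srv/wiki/files'.
    if os.path.commonpath([base, candidate]) != base:
        raise PathScopeError(f"path escapes {base!r}: {user_path!r}")
    if candidate == base:
        raise PathScopeError("refusing to operate on the base directory itself")
    return candidate


def is_in_scope(base_dir: str, user_path: str) -> bool:
    """Boolean form of resolve_within, convenient for policy checks and tests."""
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathScopeError:
        return False


def delete_scoped_file(base_dir: str, user_path: str) -> str:
    """Delete a regular file inside base_dir; returns the resolved path removed."""
    target = resolve_within(base_dir, user_path)
    # Only regular files are deletable; directories and special files are
    # refused even when they sit inside the base.
    if not os.path.isfile(target):
        raise PathScopeError(f"not a regular file inside scope: {user_path!r}")
    os.remove(target)
    return target


def demo() -> dict:
    """Constructed scenario: an attachment directory and a sibling index.php."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "files")
    os.mkdir(uploads)
    index_php = os.path.join(root, "index.php")
    with open(index_php, "w") as fh:
        fh.write("<?php echo 'wiki'; ?>")
    with open(os.path.join(uploads, "doc.txt"), "w") as fh:
        fh.write("attachment")

    results = {}
    # An in-scope delete succeeds.
    delete_scoped_file(uploads, "doc.txt")
    results["in_scope_removed"] = not os.path.exists(os.path.join(uploads, "doc.txt"))
    # A traversal attempt at the sibling index.php is refused and the file survives.
    try:
        delete_scoped_file(uploads, "../index.php")
        results["traversal_blocked"] = False
    except PathScopeError:
        results["traversal_blocked"] = os.path.exists(index_php)
    # An absolute path is refused as well.
    try:
        delete_scoped_file(uploads, index_php)
        results["absolute_blocked"] = False
    except PathScopeError:
        results["absolute_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check deliberately runs on the resolved path rather than on the raw string: rejecting the substring `..` is not sufficient, because an in-scope symlink can point anywhere and URL-encoded or platform-specific separators can evade string filters. Pairing this check with a dedicated low-privilege FPM pool user that owns only the attachment directory, not the PHP sources, limits the blast radius even if a check is later bypassed.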
It's crucial for security teams to remain vigilant and proactive in addressing known vulnerabilities. Regular updates and audits of the systems can significantly mitigate the risks associated with such vulnerabilities.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.