CVE-2025-70058 | THREATINT

Description

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

PUBLISHED Reserved 2026-01-09 | Published 2026-02-23 | Updated 2026-02-23 | Assigner mitre

References

github.com/YMFE/yapi

github.com/YMFE

gist.github.com/...ghthouse/11c53803faf23f607c2787c166e811d4

cve.org (CVE-2025-70058)

nvd.nist.gov (CVE-2025-70058)

Download JSON