Donate Telegram

CVE-2025-70058

NONE EPSS 0.02%

Feb 23, 2026

Updated Feb 23, 2026

An

Parameter	Value
Vendor	An
Public PoC	No

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

References 3

https://gist.github.com/zcxlighthouse/11c53803faf23f607c2787c166e811d4

https://github.com/YMFE

https://github.com/YMFE/yapi

Share Post Share Share Share

CVE Details

CVE ID

CVE-2025-70058

Published Date

Feb 23, 2026

Vendor

An

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.02%

Likelihood of exploitation in next 30 days

Percentile: 6.6th percentile (higher than 6.6% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice