Vulnerability Details CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.4%
CVSS Severity
CVSS v3 Score 7.4
References