Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-70058 is an Improper Certificate Validation vulnerability (CWE-295) found in YMFE yapi version 1.12.0. The issue occurs because the application disables TLS/SSL certificate validation by setting the 'rejectUnauthorized' option to false in the HTTPS agent configuration used by Axios for HTTPS requests."}, {'type': 'paragraph', 'content': "This misconfiguration means that the application does not verify the authenticity of the server's TLS/SSL certificate, which can allow attackers to perform man-in-the-middle (MITM) attacks by spoofing servers."}] [2]

Useful 0 Not Useful 0

Impact Analysis

Because TLS/SSL certificate validation is disabled, attackers can intercept and manipulate data transmitted between the client and server by impersonating the server.

• Sensitive data transmitted over HTTPS connections can be exposed to attackers.
• Man-in-the-middle (MITM) attacks become possible, compromising confidentiality and integrity of communications.
• Users and systems relying on secure connections may be misled into trusting malicious servers.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves the application disabling TLS/SSL certificate validation by setting 'rejectUnauthorized' to false in the HTTPS agent configuration for Axios requests."}, {'type': 'paragraph', 'content': "To detect this vulnerability on your system, you can inspect the source code or configuration files of the yapi application (version 1.12.0) to check if the 'rejectUnauthorized' option is set to false in HTTPS agent configurations."}, {'type': 'paragraph', 'content': 'Additionally, you can monitor network traffic for HTTPS requests that do not properly validate certificates, which might indicate the vulnerability is being exploited.'}, {'type': 'list_item', 'content': "Use grep or similar commands to search for 'rejectUnauthorized' in the yapi source code or configuration files, for example: grep -r 'rejectUnauthorized' /path/to/yapi"}, {'type': 'list_item', 'content': 'Use network analysis tools like Wireshark or tcpdump to capture HTTPS traffic and look for suspicious man-in-the-middle activity.'}] [2]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to ensure that TLS/SSL certificate validation is properly enabled in the yapi application.'}, {'type': 'paragraph', 'content': "Specifically, you should change the HTTPS agent configuration in Axios requests to set 'rejectUnauthorized' to true, or remove the setting if it defaults to true."}, {'type': 'paragraph', 'content': 'This change will prevent the application from accepting invalid or spoofed certificates, thereby protecting against man-in-the-middle attacks.'}, {'type': 'paragraph', 'content': 'Additionally, review and update your deployment to the latest secure version of yapi if available, and monitor for any patches addressing this issue.'}] [2]

Useful 0 Not Useful 0