CVE-2025-3562

Name of the Vulnerable Software and Affected Versions: Yonyou YonBIP MA2.7

Description: A vulnerability was found in the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely.

Recommendations: For Yonyou YonBIP MA2.7, consider restricting access to the FileInputStream function in the /mobsm/common/userfile to minimize the risk of exploitation. As a temporary workaround, avoid using the path argument in the affected function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.