YesWiki < 4.5.2 Unauthenticated Path Traversal (CVE-2025-31131)
Overview
YesWiki < 4.5.2 Unauthenticated Path Traversal, tracked as CVE-2025-31131, affects YesWiki installations where a template-related request parameter can be used to read files outside the intended template directory. YesWiki is a PHP-based wiki system for collaborative content, so a file read of this kind can expose application configuration and other server-side data.
Vulnerability Overview
CVE-2025-31131 is a path traversal vulnerability in YesWiki's squelette (template) parameter. When the value of this parameter is not constrained to the expected template directory, it can be used to read arbitrary files on the server that are readable by the web application process.
The issue is unauthenticated, which means an attacker does not need a valid YesWiki account to reach the vulnerable behavior on an exposed affected instance.
Impact
The GitHub advisory rates the vulnerability High, with a CVSS 3.1 score of 8.6. Successful exploitation can expose sensitive local files, including application configuration, source code, logs, or credentials readable by the web application process.
The primary impact is confidentiality loss rather than code execution. For a wiki platform, exposed configuration files can still lead to broader compromise if they contain database credentials or integration secrets.
Vulnerability Scope
The affected product is YesWiki before 4.5.2. The vulnerability is fixed in YesWiki 4.5.2.
The highest-risk deployments are public YesWiki installations running versions earlier than 4.5.2 where the vulnerable parameter can be reached by unauthenticated users.
Lab Focus
This Hackviser lab focuses on understanding how path traversal in template selection or file loading logic can expose server-side files. You will practice identifying affected YesWiki versions, recognizing arbitrary file read impact, and connecting path traversal risk to PHP application hardening.
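The hardening the lab points at, as an added example that is not YesWiki's own code: a template-name resolver that accepts only a simple file stem and then confirms the canonical path stays inside the template root. The parameter name squelette comes from the advisory; the directory layout, file extension and function name are assumptions for illustration.

```php
<?php
// Added example, not YesWiki code: constrain a template parameter to one directory.
// TEMPLATE_DIR and the '.tpl.html' extension are assumed for this illustration.
declare(strict_types=1);

const TEMPLATE_DIR = __DIR__ . '/templates'; // assumed template root

/**
 * Resolve a user-supplied template name to a file inside TEMPLATE_DIR.
 * Returns the absolute path, or null if the name is rejected.
 */
function resolveTemplate(string $name): ?string
{
    // 1. Syntactic allowlist: a short file stem with no separators, dots or
    //    NUL bytes, so '..' segments and absolute paths never reach the filesystem.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    // 2. Canonicalise and check containment. realpath() resolves symlinks and
    //    any remaining '..' segments, so a path that escapes the root is detected
    //    even if a template file is itself a symlink pointing elsewhere.
    $root = realpath(TEMPLATE_DIR);
    $candidate = realpath(TEMPLATE_DIR . '/' . $name . '.tpl.html');
    if ($root === false || $candidate === false) {
        return null; // template root missing or no such template file
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the template root
    }
    return $candidate;
}

// Usage: fall back to a known template instead of loading whatever was requested.
$requested = $_GET['squelette'] ?? 'default';
$template = resolveTemplate($requested) ?? resolveTemplate('default');
if ($template === null) {
    http_response_code(404);
    exit('Template not found');
}
include $template;
```

Both checks matter: the allowlist stops traversal strings before any filesystem call, and the realpath prefix comparison catches cases the regex cannot see, such as a symlinked template file.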
