CVE-2025-12008 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 14, 2026
APPYAP Technology and Information Inc. Yaay Social Media App - Authorization Bypass
Overview
APPYAP Technology and Information Inc. Yaay Social Media App 3.8.0 through 24102025 contains an authorization bypass caused by user-controlled key in access control, letting attackers access functionality not properly constrained by ACLs, exploit requires crafted requests.
Severity & Score
Impact
Attackers can bypass authorization to access restricted functionality, potentially leading to unauthorized actions or data exposure.
Mitigation
Update to the latest version beyond 24102025.
Social Media Activity(2 posts)
š CVE-2025-12008 - High (8.8) Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 t... š https://www.thehackerwire.com/vulnerability/CVE-2025-12008/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2025-12008 - High (8.8) Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 t... š https://www.thehackerwire.com/vulnerability/CVE-2025-12008/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-12008
- Severity
- High
- CVSS Score
- 8.8
- Type
- broken_access_control
- Status
- rejected
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-639
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H