Detailed description for CVE-2025-66735
[CVE ID]
CVE-2025-66735

[Product]
youlai-mall

[Version]
before Release v3.2.0

[Vulnerability Type]
CWE-284: Improper Access Control
CWE-862: Missing Authorization

[Description]
Youlai-mall before Release v3.2.0 is vulnerable to improper access control; we discovered one interface affected by this vulnerability.
The interface returns the role information corresponding to the roleId supplied in the request. Neither the interface method nor the functions it calls check whether the current user is permitted to access that role's information, so the current user can read other users' role information simply by supplying a role ID.
We have reported this vulnerability to the developer and received confirmation from them. The developer has also made subsequent fixes to the vulnerability.

[Reference]
The vulnerability: https://gitee.com/youlaiorg/youlai-boot/issues/ICH8FR
Project URL: https://gitee.com/youlaiorg/youlai-boot
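The pattern described above, as an added illustrative model that is not code from youlai-mall or youlai-boot: a role-lookup handler whose result depends only on the supplied role ID, next to the same handler with the missing authorization check. The permission code `sys:role:query`, the user and role records, and the rule "caller needs the role-query permission or the role must be one of the caller's own" are assumptions made for the example.

```python
"""Role lookup by roleId with and without an authorization check.

Constructed example; not code from youlai-mall or youlai-boot. The
permission code 'sys:role:query' and the sample data are assumptions.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not read the requested role."""


@dataclass(frozen=True)
class User:
    user_id: int
    role_ids: frozenset  # roles assigned to this user
    perms: frozenset     # permission codes granted to this user


@dataclass(frozen=True)
class Role:
    role_id: int
    name: str
    code: str


# Constructed sample data standing in for the role table.
ROLES = {
    1: Role(1, "Administrator", "ROOT"),
    2: Role(2, "Shop manager", "SHOP_MANAGER"),
    3: Role(3, "Customer", "CUSTOMER"),
}

ROLE_QUERY_PERM = "sys:role:query"  # assumed permission code


def get_role_vulnerable(current_user, role_id):
    """Pattern described in the advisory: the result depends only on role_id.

    current_user is accepted but never consulted, so any caller can read
    any role by supplying its ID.
    """
    return ROLES.get(role_id)


def get_role_fixed(current_user, role_id):
    """Same lookup with the missing check added.

    The caller must hold the role-query permission, or the role must be one
    assigned to the caller. The check runs before the lookup, so a caller
    who is not authorized cannot learn whether the ID exists.
    """
    if ROLE_QUERY_PERM not in current_user.perms and role_id not in current_user.role_ids:
        raise Forbidden(f"user {current_user.user_id} may not read role {role_id}")
    return ROLES.get(role_id)


def probe(handler, current_user, role_id):
    """Return what the caller observes: 'forbidden', 'not found' or the role code."""
    try:
        role = handler(current_user, role_id)
    except Forbidden:
        return "forbidden"
    return "not found" if role is None else role.code


def walk_role_ids(handler, current_user, max_id=4):
    """Request role IDs 1..max_id as current_user; the result shows what leaks."""
    return {rid: probe(handler, current_user, rid) for rid in range(1, max_id + 1)}


# Constructed callers: an ordinary customer and a user who administers roles.
CUSTOMER = User(user_id=42, role_ids=frozenset({3}), perms=frozenset())
ROLE_ADMIN = User(user_id=1, role_ids=frozenset({1}), perms=frozenset({ROLE_QUERY_PERM}))


if __name__ == "__main__":
    print("vulnerable, customer:", walk_role_ids(get_role_vulnerable, CUSTOMER))
    print("fixed, customer:     ", walk_role_ids(get_role_fixed, CUSTOMER))
    print("fixed, role admin:   ", walk_role_ids(get_role_fixed, ROLE_ADMIN))
```

Walking the ID space as the customer against the vulnerable handler returns every role; against the fixed handler it returns only the customer's own role and "forbidden" for everything else, including the nonexistent ID 4, so the response cannot be used to enumerate valid role IDs. Because the advisory notes that neither the interface nor its callees check permissions, the check has to live in the handler itself (or in a layer that every request path passes through), not in whichever caller happens to remember it.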