CNNVD-202509-4224 Information

CNNVD ID

CNNVD-202509-4224

Related CVE

CVE-2025-10987

• CNNVD Published: 2025-09-26

Description (Chinese)

yudao-cloud是YunaiV个人开发者的一个后台管理系统。 yudao-cloud 2025.09及之前版本存在授权问题漏洞，该漏洞源于文件/crm/contact/transfer中参数contactId授权不当，可能导致远程攻击。

Description (English)

Yudao-cloud is a back-office management system for YunaiV personal developers. There is a mandate gap in yudao-cloud 2025.09 and earlier versions, which stems from the inappropriate authorization of the parameter subjectId in document/crm/contact/transfer, which could lead to a long-range attack.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2025-09-26

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.325910 https://vuldb.com/?id.325910 https://vuldb.com/?submit.653735 https://www.cnblogs.com/aibot/p/19063573