CNNVD-202512-3944 Information
CNNVD ID
CNNVD-202512-3944
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
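youlai-boot is an open-source permission management system from youlaiorg in China. youlai-boot V2.21.1 contains a security vulnerability: the importUsers function in SysUserController.java performs no permission check on the current user's identity, which may allow an ordinary user to import user data into the database, resulting in an authorization bypass.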
Description (English)
youlai-boot is an open-source permission management system developed by youlaiorg in China. Version V2.21.1 contains a security vulnerability: the importUsers function in SysUserController.java does not check the permissions of the current user, so an ordinary user may be able to import user data into the database. The result is an authorization bypass.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
youlaiorg
Published
2025-12-22
Last Modified
2026-02-24
References
https://gitee.com/youlaiorg/youlai-boot/issues/ICH8FV
https://gist.github.com/old6ma/be1d4a5373ee2de901ed4c8d81485046
https://gitee.com/youlaiorg/youlai-boot/commit/9197065102f92264ded814a9d3e9f2a4ff0da121
https://access.redhat.com/security/cve/cve-2025-66736
Patch
https://gitee.com/youlaiorg/youlai-boot/releases