CNNVD-202512-4755 Information

Dec 25, 2025 cve

CNNVD ID

CNNVD-202512-4755

CVE-2025-15086

CNNVD Published: 2025-12-25

Description (Chinese)

youlai-mall是youlaitech开源的一个全栈商城系统。 youlai-mall 1.0.0版本和2.0.0版本存在访问控制错误漏洞，该漏洞源于文件mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java中函数getMemberByMobile存在访问控制不当。

Description (English)

Youlai-mall is an all-storey mall system from the open source of youlaitech. There is a bug in access control in yourlai-mall version 1.0.0 and 2.0.0, which stems from the inappropriate access control in the middle of the document mall-ums/ums-bot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

youlaitech

Published

2025-12-25

Last Modified

2026-02-24

References

https://vuldb.com/?submit.708176 https://github.com/Hwwg/cve/issues/27 https://vuldb.com/?ctiid.338414 https://vuldb.com/?id.338414 https://access.redhat.com/security/cve/cve-2025-15086

Share on: