CNNVD-202512-4763 Information

Dec 25, 2025 cve

CNNVD ID

CNNVD-202512-4763

CVE-2025-15084

CNNVD Published: 2025-12-25

Description (Chinese)

youlai-mall是youlaitech开源的一个全栈商城系统。 youlai-mall 1.0.0版本和2.0.0版本存在访问控制错误漏洞，该漏洞源于Order Payment Handler组件文件mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java中函数orderService.payOrder存在访问控制不当。

Description (English)

Youlai-mall is an all-storey mall system from the open source of youlaitech. Youlai-mall version 1.0.0 and version 2.0.0 have access control bugs, which stem from inappropriate access controls in the Order Payment Handler component file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java.

Hazard Level

Critical

Vulnerability Type

访问控制错误

Affected Vendor

youlaitech

Published

2025-12-25

Last Modified

2026-02-24

References

https://vuldb.com/?submit.708174 https://github.com/Hwwg/cve/issues/24 https://vuldb.com/?ctiid.338412 https://vuldb.com/?id.338412 https://access.redhat.com/security/cve/cve-2025-15084

Share on: