CVE-2025-14051 | youlaitech youlai-mall 1.0.0/2.0.0 addresses getById/updateAddress/deleteAddress improper control of dynamically-identified variables

Inserito da Angelo Barbosa | Dic 4, 2025 | CVE

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0 and classified as critical. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables.

This vulnerability is handled as CVE-2025-14051. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14051 | youlaitech youlai-mall 1.0.0/2.0.0 addresses getById/updateAddress/deleteAddress improper control of dynamically-identified variables

Post correlati

CVE-2024-56543 | Linux Kernel up to 6.6.63/6.11.10/6.12.1 ath12k dp_rx.c rx_tid::ab stack-based overflow

CVE-2024-55228 | Dolibarr CRM 21.0.0-beta Product Module Title cross site scripting

CVE-2023-50923 | QUIC 17.4 Latency Spin Bit unknown vulnerability

CVE-2024-31799 | GNCC GC2 Indoor Security Camera information disclosure