CVE-2025-14052 | youlaitech youlai-mall 1.0.0/2.0.0 members getMemberById memberId access control

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. It has been classified as critical. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls.

This vulnerability is uniquely identified as CVE-2025-14052. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14052 | youlaitech youlai-mall 1.0.0/2.0.0 members getMemberById memberId access control

Post correlati

CVE-2023-52655 | Linux Kernel up to 5.4.264/5.10.204/5.15.143/6.1.68/6.6.7 aqc111 skb_trim wrap-around

CVE-2024-7788 | Document Foundation LibreOffice up to 24.2.4 Zip Repair Mode signature verification

CVE-2025-62483 | Zoom Workplace 6.5.0 information disclosure

CVE-2025-47273 | pypa setuptools up to 78.1.0 PackageIndex path traversal (ID 4946)