CVE-2025-15085 | youlaitech youlai-mall 1.0.0/2.0.0 Balance MemberController.java deductBalance improper authorization

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0 and classified as problematic. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization.

This vulnerability is reported as CVE-2025-15085. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15085 | youlaitech youlai-mall 1.0.0/2.0.0 Balance MemberController.java deductBalance improper authorization

Post correlati

CVE-2025-6587 | Docker Desktop up to 4.42.1 Environment Variable log file

CVE-2025-14006 | dayrui XunRuiCMS up to 4.7.1 Add Data Validation Page data[name] cross site scripting

CVE-2024-50151 | Linux Kernel up to 5.15.169/6.1.114/6.6.58/6.11.5 mount.cifs smb2_set_next_command permission

CVE-2025-0714 | Mobatek MobaXterm up to 24.x AES weak iv