PT-2025-37271 · Yunaiv · Yudao-Cloud
Aibot888 · Published 2025-09-12 · Updated 2025-09-12 · CVE-2025-10275
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
YunaiV yudao-cloud versions prior to 2025.09
Description:
A weakness exists in YunaiV yudao-cloud that may lead to improper authorization. The issue affects an unknown part of the file /crm/business/transfer. Manipulation of the argument ids/newOwnerUserId can be exploited remotely. The exploit has been made publicly available. The vendor was contacted but did not respond.
Recommendations:
Versions prior to 2025.09: Address improper authorization by carefully reviewing and securing the /crm/business/transfer file and the ids/newOwnerUserId argument.
Exploit
Fix
Improper Authorization
Incorrect Privilege Assignment
Affected Products
Yudao-Cloud