PT-2025-37279 · Yunaiv · Yudao-Cloud

Aibot888 · Published 2025-09-12 · Updated 2025-09-12 · CVE-2025-10277

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: YunaiV yudao-cloud versions prior to 2025.09
Description: A vulnerability exists in YunaiV yudao-cloud that affects processing of the file /crm/receivable/submit. Manipulation of the ID argument results in improper authorization, and the attack can be executed remotely. The exploit is publicly available. The vendor was contacted but did not respond.
Recommendations: For versions prior to 2025.09, address the improper authorization that results from manipulation of the ID argument during processing of the file /crm/receivable/submit.

Exploit · Fix

Weakness Enumeration: Improper Authorization, Incorrect Privilege Assignment
Related Identifiers: CVE-2025-10277
Affected Products: Yudao-Cloud