PT-2025-48166 · Unknown · Youlai-Boot
Published
2025-11-26
·
Updated
2025-12-05
·
CVE-2025-55471
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
youlai-boot version 2.21.1
Description
An access control issue exists in the
getUserFormData function. This allows unauthorized access to sensitive information belonging to other users. The issue involves insufficient restrictions on who can access user data.Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the
getUserFormData function until a patch is available.Fix
Missing Authorization
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Youlai-Boot