CVE-2025-14051

Name of the Vulnerable Software and Affected Versions youlaitech youlai-mall versions 1.0.0 through 2.0.0

Description A flaw exists in youlaitech youlai-mall versions 1.0.0 through 2.0.0 related to improper control of dynamically-identified variables. The issue is present in the getById(), updateAddress(), and deleteAddress() functions within the /mall-ums/app-api/v1/addresses/ file. This issue can be exploited remotely. The exploit has been published.

Recommendations Update to a version of youlaitech youlai-mall newer than 2.0.0. As a temporary workaround, restrict access to the /mall-ums/app-api/v1/addresses/ file. Disable the getById(), updateAddress(), and deleteAddress() functions until a patch is available.