CVE-2025-14085

Name of the Vulnerable Software and Affected Versions youlaitech youlai-mall versions 1.0.0 through 2.0.0

Description A flaw exists in youlaitech youlai-mall that involves improper control of dynamically-identified variables. The issue is located within an unknown function of the /app-api/v1/orders/ API endpoint. Manipulation of the orderId parameter can lead to this improper control. Remote exploitation is possible, and the exploit has been publicly disclosed. The vendor was notified but did not respond.

Recommendations youlaitech youlai-mall version 1.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. youlaitech youlai-mall version 2.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.