PT-2025-49244 · Youlaitech · Youlai-Mall

Huangweigang · Published 2025-12-05 · Updated 2025-12-11 · CVE-2025-14086

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: youlaitech youlai-mall, versions 1.0.0 through 2.0.0
Description: A flaw in youlaitech youlai-mall allows improper access control. It is triggered by manipulating the openid argument of an unknown function behind the '/app-api/v1/members/openid' endpoint. The issue can be exploited remotely. Exploit details have been publicly released. The vendor was notified but did not respond.
Recommendations: Use a version outside the affected range (prior to 1.0.0 or after 2.0.0). As a temporary workaround, restrict access to the '/app-api/v1/members/openid' endpoint, and avoid relying on the openid parameter of the affected API endpoint until the issue is resolved.
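The advisory names only the endpoint and the openid argument, not the code. The following is an added illustration, not Youlai-Mall's own code: a hypothetical member lookup that trusts the caller-supplied openid (the access-control pattern the description implies) beside a hardened version that binds the lookup to the openid established from the caller's token. The store, identities and the Principal type are constructed for the example.

```python
# Added illustration, not Youlai-Mall's code: the advisory only says the openid
# argument of /app-api/v1/members/openid is manipulable, so the handlers below are
# a hypothetical reconstruction of that pattern and of its fix.
from dataclasses import dataclass

# Constructed sample member store keyed by openid.
MEMBERS = {
    "oABC123": {"id": 1, "nickname": "alice", "mobile": "138****0001"},
    "oXYZ789": {"id": 2, "nickname": "bob", "mobile": "139****0002"},
}


@dataclass
class Principal:
    """Identity established from the caller's token (hypothetical)."""
    member_id: int
    openid: str


class Forbidden(Exception):
    """Raised when the requested record does not belong to the caller."""


def get_member_vulnerable(principal: Principal, requested_openid: str):
    """Returns whichever openid the caller asks for: any authenticated
    member (PR:L in the vector) can read any other member's record."""
    return MEMBERS.get(requested_openid)


def get_member_fixed(principal: Principal, requested_openid: str):
    """Binds the lookup to the authenticated identity: the caller-supplied
    openid must equal the openid bound to the token, otherwise deny."""
    if requested_openid != principal.openid:
        raise Forbidden("openid does not belong to the authenticated member")
    return MEMBERS.get(requested_openid)


def demo():
    """Low-privileged caller requests another member's openid."""
    caller = Principal(member_id=1, openid="oABC123")
    leaked = get_member_vulnerable(caller, "oXYZ789")  # bob's record leaks
    try:
        get_member_fixed(caller, "oXYZ789")
        blocked = False
    except Forbidden:
        blocked = True
    return leaked["nickname"], blocked  # ("bob", True)


if __name__ == "__main__":
    print(demo())
```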

Weakness Enumeration: Improper Access Control; Incorrect Privilege Assignment

Related Identifiers: CVE-2025-14086

Affected Products: Youlai-Mall