CVE-2025-14185

Name of the Vulnerable Software and Affected Versions Yonyou U8 Cloud versions 5.0, 5.0sp, 5.1, and 5.1sp

Description A SQL injection issue exists in Yonyou U8 Cloud. The issue is due to manipulation of the usercode argument within an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. This manipulation can be exploited remotely. The exploit is publicly available.

Recommendations Versions prior to 5.0sp, 5.1, and 5.1sp should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.