PT-2025-52687 · Unknown · Youlai-Boot

Old6Ma · Published 2025-12-22 · Updated 2026-01-06 · CVE-2025-66735

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

youlai-boot version 2.21.1

Description

The software contains an incorrect access control issue. The getRoleForm function in SysRoleController.java lacks proper permission checks. This may allow users without root privileges to access root roles directly.

Recommendations

Apply necessary permission checks to the getRoleForm function in SysRoleController.java to prevent unauthorized access to root roles.

Fix

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-66735

Affected Products

Youlai-Boot