PT-2025-52688 · Unknown · Youlai-Boot

Old6Ma · Published 2025-12-22 · Updated 2025-12-22 · CVE-2025-66736

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

youlai-boot version 2.21.1

Description

The software contains an authorization bypass caused by incorrect access control. The importUsers function in the SysUserController.java component does not verify the permissions of the current user, so standard users can import user data into the database, circumventing the intended authorization restrictions.

Recommendations

Ensure that the importUsers function in SysUserController.java performs appropriate permission checks, verifying the user's identity and authorization, before it allows data import operations.

Fix

Weakness Enumeration

Improper Access Control

Missing Authorization

Related Identifiers

CVE-2025-66736

Affected Products

Youlai-Boot