CVE-2025-15084

Name of the Vulnerable Software and Affected Versions youlaitech youlai-mall versions 1.0.0 through 2.0.0

Description An issue exists in youlaitech youlai-mall that relates to improper access controls. The affected component is the Order Payment Handler, specifically within the orderService.payOrder function located in the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. This issue can be initiated remotely and is considered to have high complexity with difficult exploitability. A publicly available exploit exists. The vendor was contacted regarding this disclosure but did not respond. Elevated activity targeting this vulnerability has been observed.

Recommendations youlaitech youlai-mall version 1.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. youlaitech youlai-mall version 2.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.