PT-2025-53408 · Youlaitech · Youlai-Mall

Huangweigang · Published 2025-12-25 · Updated 2025-12-31 · CVE-2025-15085

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

youlaitech youlai-mall versions 1.0.0 through 2.0.0

Description

A security flaw exists in youlaitech youlai-mall. The issue involves improper authorization within the Balance Handler component. Specifically, the deductBalance function, located in the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java, is susceptible to manipulation. This allows for remote attacks. The exploit for this issue is publicly available. The vendor was notified but did not respond.

Recommendations

youlaitech youlai-mall version 1.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

youlaitech youlai-mall version 2.0.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Incorrect Privilege Assignment

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-15085

Affected Products

Youlai-Mall