PT-2025-53414 · Youlaitech · Youlai-Mall

Huangweigang +1 · Published 2025-12-25 · Updated 2026-02-26 · CVE-2025-15087

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

youlaitech youlai-mall versions 1.0.0 through 2.0.0

Description

A security issue has been identified in youlaitech youlai-mall. Manipulation of the orderSn argument within the submitOrderPayment function, located in the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java, can lead to improper authorization. This issue may be exploited remotely. The exploit for this issue has been publicly disclosed. The existence of this issue is currently questioned, and the vendor has not responded to reports about it.

Recommendations

youlaitech youlai-mall versions 1.0.0 through 2.0.0: Address improper authorization by securing the submitOrderPayment function and validating the orderSn argument.
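
The kind of check the recommendation points at, as an added example (not youlai-mall code and not part of the advisory). It assumes the missing control is an ownership check on orderSn; the Order record, the in-memory store, the order-number format and every name other than orderSn are hypothetical.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical types for illustration only; these are not youlai-mall classes.
public class OrderPaymentGuard {
    enum Status { PENDING_PAYMENT, PAID, CANCELLED }

    record Order(String orderSn, long memberId, Status status) {}

    static class OrderAccessException extends RuntimeException {
        OrderAccessException() { super("Order not found"); }
    }

    private final Map<String, Order> orders = new ConcurrentHashMap<>();

    void save(Order order) { orders.put(order.orderSn(), order); }

    // callerMemberId must come from the authenticated session or token,
    // never from a request parameter the client controls.
    Order loadPayableOrder(String orderSn, long callerMemberId) {
        // Assumed order-number format; reject anything else before the lookup.
        if (orderSn == null || !orderSn.matches("[0-9A-Za-z]{1,32}")) {
            throw new OrderAccessException();
        }
        return Optional.ofNullable(orders.get(orderSn))
                // Same error for "missing" and "not yours", so the endpoint
                // does not reveal which order numbers exist.
                .filter(o -> o.memberId() == callerMemberId)
                // Only an unpaid order may enter the payment flow.
                .filter(o -> o.status() == Status.PENDING_PAYMENT)
                .orElseThrow(OrderAccessException::new);
    }

    public static void main(String[] args) {
        OrderPaymentGuard guard = new OrderPaymentGuard();
        // Constructed sample data: order SN1001 belongs to member 7.
        guard.save(new Order("SN1001", 7L, Status.PENDING_PAYMENT));
        System.out.println(guard.loadPayableOrder("SN1001", 7L));
        try {
            guard.loadPayableOrder("SN1001", 8L); // a different logged-in member
        } catch (OrderAccessException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```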

Exploit

Fix

Weakness Enumeration

Improper Authorization

Incorrect Privilege Assignment

Related Identifiers

CVE-2025-15087

Affected Products

Youlai-Mall