youlaitech youlai-mall orders improper control of dynamically-identified variables_CVE-2025-14085

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-14085

Source VulDB

Published Dec 5, 2025 at 14:02

Modified Dec 5, 2025 at 16:48

Affected Product

Vendor youlaitech

Product youlai-mall

Version 1.0.0

Affected Versions youlaitech youlai-mall 1.0.0
youlaitech youlai-mall 2.0.0

CWE Classification

CWE-914 CWE-913

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-05T14:02:05.993Z",
    "modified": "2025-12-05T16:48:03.230Z",
    "type": "cve",
    "title": "youlaitech youlai-mall orders improper control of dynamically-identified variables",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334476\nhttps://vuldb.com/?ctiid.334476\nhttps://vuldb.com/?submit.695943\nhttps://github.com/Hwwg/cve/issues/23",
    "id": "CVE-2025-14085",
    "bulletinFamily": "",
    "cwe": [
        "CWE-914",
        "CWE-913"
    ],
    "cvelist": null,
    "sourceData": "youlaitech youlai-mall 1.0.0\nyoulaitech youlai-mall 2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "youlai-mall",
    "version": "1.0.0",
    "vendor": "youlaitech",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}