ByteOS Network

NVD Vulnerability Details :

CVE-2025-14051

Analyzed

Source-cna@vuldb.com

Published At-04 Dec, 2025 | 23:15

Updated At-10 Dec, 2025 | 21:37

A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

youlai>>youlai-mall>>1.0.0

cpe:2.3:a:youlai:youlai-mall:1.0.0:*:*:*:*:*:*:*

youlai>>youlai-mall>>2.0.0

cpe:2.3:a:youlai:youlai-mall:2.0.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-913	Secondary	cna@vuldb.com
CWE-914	Secondary	cna@vuldb.com

CWE ID: CWE-913

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-914

Type: Secondary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/Hwwg/cve/issues/18	cna@vuldb.com	Exploit Issue Tracking Third Party Advisory
https://github.com/Hwwg/cve/issues/19	cna@vuldb.com	Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.334367	cna@vuldb.com	Permissions Required VDB Entry
https://vuldb.com/?id.334367	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.694827	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.694836	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.694837	cna@vuldb.com	Third Party Advisory VDB Entry
https://github.com/Hwwg/cve/issues/18	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Issue Tracking Third Party Advisory
https://github.com/Hwwg/cve/issues/19	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Issue Tracking Third Party Advisory