CVE-2025-14086
BaseFortify
Publication date: 2025-12-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| youlai | youlai-mall | 1.0.0 |
| youlai | youlai-mall | 2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in youlaitech youlai-mall versions 1.0.0 and 2.0.0, in an unknown function of the file /app-api/v1/members/openid/. Manipulating the 'openid' argument leads to improper access controls: the endpoint does not verify that the requested openid belongs to the authenticated caller, so a remote attacker can gain unauthorized access to other members' data or perform actions they should not be allowed to.
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to bypass access controls by manipulating the 'openid' argument, potentially leading to unauthorized access to sensitive information or functionality within the application. This could result in data exposure, unauthorized actions, or compromise of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability discloses sensitive authentication data and platform-specific unique identifiers (openids) to callers who have no need for them, and the endpoint lacks rate limiting, audit trails and anomaly detection, so it also enables account-existence enumeration and profiling. These gaps conflict with the confidentiality and access-control requirements of standards and regulations such as GDPR and HIPAA, since they increase the risk of unauthorized access to personal data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring or testing access to the endpoint GET /mall-ums/app-api/v1/members/openid/{openid} to see whether authenticated but unauthorized users can retrieve member authentication data by supplying arbitrary openid values. Send authenticated GET requests to this endpoint with different openid values and observe whether the system returns sensitive member data without an ownership or permission check. For example, with a valid app login token:

```shell
curl -H "Authorization: Bearer <valid_token>" https://<your-domain>/mall-ums/app-api/v1/members/openid/<target_openid>
```

If the response returns memberId and other sensitive data for openids that do not belong to the authenticated user, the vulnerability is present. Additionally, the lack of rate limiting and the distinct error codes (e.g., USER_NOT_EXIST) can be confirmed by enumerating multiple openid values. On the server side, access logs showing a single token requesting many distinct openid path values in a short window are the corresponding indicator of such enumeration. [1]
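The following script is an added example, not part of the advisory or of youlai-mall. It automates the test procedure above: gather responses for several openids with one member's token, then decide whether foreign openids leak a memberId (broken access control) and whether existing and missing openids produce different responses (an enumeration oracle). The `{"code": ..., "data": {...}}` envelope shape is an assumption about the API, and `SAMPLE_RESPONSES` is constructed rather than captured traffic.

```python
"""Triage helper for the openid access-control test described above.

Added example, not part of the advisory or of youlai-mall. It models the
procedure: authenticate as one member, request
/mall-ums/app-api/v1/members/openid/{openid} for several openids, then flag
(a) foreign openids whose response carries a memberId (broken access control)
and (b) foreign openids that yield more than one distinct outcome, which lets
a caller tell existing accounts from non-existing ones (enumeration oracle).
The response envelope {"code": ..., "data": {...}} is an assumption about the
API; SAMPLE_RESPONSES below are constructed, not captured traffic.
"""
import json
import urllib.error
import urllib.request
from urllib.parse import quote

VULN_PATH = "/mall-ums/app-api/v1/members/openid/"


def build_url(base, openid):
    """Full URL for the route; openid is encoded as one path segment so a
    value containing '/' or '?' cannot change the route being tested."""
    return base.rstrip("/") + VULN_PATH + quote(openid, safe="")


def payload(body):
    """Member record from a response: the 'data' object if the body is an
    envelope, otherwise the body itself (flat-object case)."""
    if not isinstance(body, dict):
        return {}
    data = body.get("data")
    return data if isinstance(data, dict) else body


def signature(status, body):
    """What a caller can observe about one response: HTTP status, the
    application-level code (if any) and whether a memberId came back."""
    code = body.get("code") if isinstance(body, dict) else None
    return (status, code, "memberId" in payload(body))


def triage(my_openid, responses):
    """responses: {openid: (http_status, parsed_json_body)} gathered with one
    member's token. my_openid is that member's own openid, which is legitimately
    readable and therefore excluded from both checks."""
    foreign = {o: r for o, r in responses.items() if o != my_openid}
    leaked = sorted(o for o, (s, b) in foreign.items()
                    if s == 200 and "memberId" in payload(b))
    outcomes = {signature(s, b) for s, b in foreign.values()}
    return {
        "leaked_openids": leaked,
        # More than one distinct outcome for foreign openids means the endpoint
        # answers "exists" and "does not exist" differently.
        "enumeration_oracle": len(outcomes) > 1,
        "distinct_outcomes": sorted(outcomes, key=repr),
    }


def probe(base, token, openids, timeout=10):
    """Issue the authenticated GETs from the curl command above and return the
    mapping triage() expects. Use only against systems you are authorised to test."""
    results = {}
    for openid in openids:
        req = urllib.request.Request(
            build_url(base, openid), headers={"Authorization": f"Bearer {token}"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                status, raw = resp.status, resp.read()
        except urllib.error.HTTPError as err:
            status, raw = err.code, err.read()
        try:
            body = json.loads(raw.decode("utf-8", "replace"))
        except ValueError:
            body = None
        results[openid] = (status, body)
    return results


# Constructed responses shaped like a vulnerable deployment: the caller's own
# record, another member's record leaked, and a distinct code for a missing openid.
SAMPLE_RESPONSES = {
    "oabc-self": (200, {"code": "00000", "data": {"memberId": 1001, "openid": "oabc-self"}}),
    "oabc-other": (200, {"code": "00000", "data": {"memberId": 1002, "openid": "oabc-other"}}),
    "no-such-openid": (400, {"code": "USER_NOT_EXIST", "msg": "user not exist"}),
}

if __name__ == "__main__":
    print(json.dumps(triage("oabc-self", SAMPLE_RESPONSES), indent=2))
```

Against a live target, call `probe(base, token, openids)` and pass the result to `triage()` with the token owner's openid. A correctly fixed deployment produces an empty `leaked_openids` list and a single outcome for every foreign openid, because "not yours" and "does not exist" are answered identically.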
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper access control checks on the endpoint to verify that the openid parameter belongs to the currently authenticated user, such as validating against the user's memberId or session. Adding role or permission controls (e.g., using @PreAuthorize annotations) to restrict access to authorized users only is essential. Rate limiting and auditing should be introduced to prevent enumeration attacks and monitor suspicious activity. Removing or limiting exposure of sensitive authentication data in the API response can reduce risk. Since no vendor patch or official fix is available, consider restricting access to the vulnerable endpoint or disabling it temporarily until a secure fix or product replacement is available. [1, 3]
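As an added illustration of the controls listed above (not youlai-mall code, which is a Spring application where the role check would be a @PreAuthorize annotation and the ownership check would sit in the controller or service), here is a framework-neutral Python model of the endpoint before and after hardening. The member store, the identities, and every field name other than memberId and openid are constructed for the example.

```python
"""Vulnerable vs hardened handler for /members/openid/{openid}.

Added example, not youlai-mall code: a framework-neutral Python model of the
controls the mitigation above lists. In the real Spring application the role
check would be a @PreAuthorize annotation and the ownership check would sit in
the controller or service; the logic is the same. MEMBERS, the field names
other than memberId/openid, and the identities used are constructed.
"""
from dataclasses import dataclass
import time

# Constructed member store; "mobile" stands in for the sensitive fields the
# advisory says the endpoint returns.
MEMBERS = {
    "oabc-self":  {"memberId": 1001, "openid": "oabc-self",  "mobile": "13800000001"},
    "oabc-other": {"memberId": 1002, "openid": "oabc-other", "mobile": "13800000002"},
}
AUDIT = []                                # (event, caller_member_id, requested_openid)
RESPONSE_FIELDS = ("memberId", "openid")  # never echo authentication data back


@dataclass(frozen=True)
class Principal:
    """Identity established from the verified app login token."""
    member_id: int
    openid: str
    roles: frozenset


class ApiError(Exception):
    def __init__(self, status, code):
        super().__init__(code)
        self.status, self.code = status, code


def get_member_vulnerable(principal, openid):
    """Before: the token only proves the caller is *some* member. Any openid
    is served, and USER_NOT_EXIST tells the caller which openids are real."""
    if openid not in MEMBERS:
        raise ApiError(400, "USER_NOT_EXIST")
    return dict(MEMBERS[openid])


class RateLimiter:
    """Fixed-window request counter keyed by caller; limits are a deployment choice."""
    def __init__(self, limit, window_s, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self._windows = {}

    def allow(self, key):
        now = self.clock()
        start, count = self._windows.get(key, (now, 0))
        if now - start >= self.window_s:
            start, count = now, 0
        self._windows[key] = (start, count + 1)
        return count + 1 <= self.limit


def get_member_hardened(principal, openid, limiter):
    """After: throttle, require the openid to belong to the caller (an admin
    role may override), answer 'not yours' and 'not found' identically so the
    response no longer reveals whether an account exists, record the decision,
    and return only non-sensitive fields."""
    if not limiter.allow(principal.member_id):
        AUDIT.append(("rate_limited", principal.member_id, openid))
        raise ApiError(429, "TOO_MANY_REQUESTS")
    is_owner = openid == principal.openid
    is_admin = "ROLE_ADMIN" in principal.roles   # the @PreAuthorize-style check
    record = MEMBERS.get(openid)
    if record is None or not (is_owner or is_admin):
        AUDIT.append(("denied", principal.member_id, openid))
        raise ApiError(404, "NOT_FOUND")
    AUDIT.append(("ok", principal.member_id, openid))
    return {k: record[k] for k in RESPONSE_FIELDS}


def status_of(handler, *args):
    """HTTP status a caller would see: 200 on success, else the ApiError status."""
    try:
        handler(*args)
    except ApiError as err:
        return err.status
    return 200


if __name__ == "__main__":
    user = Principal(1001, "oabc-self", frozenset({"ROLE_USER"}))
    limiter = RateLimiter(limit=5, window_s=60)
    print("vulnerable, foreign openid:", status_of(get_member_vulnerable, user, "oabc-other"))
    print("hardened, foreign openid:  ", status_of(get_member_hardened, user, "oabc-other", limiter))
    print("hardened, missing openid:  ", status_of(get_member_hardened, user, "nope", limiter))
```

The single 404 for both the foreign-but-existing and the non-existent openid is what closes the enumeration oracle; a 403 for the former would still confirm which accounts exist. A further simplification, suggested here rather than taken from the advisory, is to drop the path parameter entirely and serve the caller's own record from a route such as /members/me, taking the openid from the verified token instead of the URL.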