Improper Authorization in YunaiV yudao-cloud Affects Remote Access
CVE-2025-10275

5.3 MEDIUM

Key Information:

Vendor: YunaiV

CVE Published: 12 September 2025

What is CVE-2025-10275?

A vulnerability has been discovered in YunaiV's yudao-cloud, in versions up to 2025.09, affecting the file /crm/business/transfer. It arises from improper handling of the 'ids/newOwnerUserId' argument, which results in improper authorization and potentially allows an attacker to manipulate user authorizations. The attack can be carried out remotely, and the exploit has been disclosed publicly. The vendor was notified early about this issue but did not respond.

Affected Version(s)

yudao-cloud 2025.09

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

aibot888 (VulDB User)