Improper Authorization Vulnerability in YunaiV yudao-cloud
CVE-2025-10277

5.3MEDIUM

Key Information:

Vendor: Yunaiv
Status: Yudao-cloud
Vendor: CVE Published:; 12 September 2025

What is CVE-2025-10277?

A vulnerability was identified in YunaiV's yudao-cloud affecting versions up to 2025.09, specifically tied to the file processing at /crm/receivable/submit. This flaw allows for improper authorization due to manipulation of the argument ID, which can be exploited remotely. The issue has been publicly disclosed, and despite attempts to notify the vendor, no response was provided.

Affected Version(s)

yudao-cloud 2025.09

References

https://vuldb.com/?id.323647

vdb-entrytechnical-description

https://vuldb.com/?ctiid.323647

signaturepermissions-required

https://vuldb.com/?submit.643808

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2025
Vulnerability Reserved
Sep 11, 2025

Credit

aibot888 (VulDB User)