Improper Control Vulnerability in Youlai-Mall by Youlaitech

CVE-2025-14051

What is CVE-2025-14051?

A significant flaw has been identified in the Youlai-Mall product by Youlaitech. The vulnerability resides in the functions responsible for managing user addresses within the application, specifically the getById, updateAddress, and deleteAddress functions located in the /mall-ums/app-api/v1/addresses/ path. This weakness allows attackers to manipulate dynamically-identified variables, posing risks of unauthorized actions within the application. The vulnerability can be exploited remotely, heightening the potential for malicious interactions. Despite early communication attempts to inform Youlaitech about this issue, there has been no response regarding mitigation efforts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References