CVE-2025-14051

Description

A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weakness Type (CWE)

CWE-913 CWE-913

CWE-914 CWE-914

Affected Products

Vendor	Product	Versions
youlai	youlai-mall	All
youlai	youlai-mall	All

References

Exploits

https://github.com/Hwwg/cve/issues/18 https://github.com/Hwwg/cve/issues/19 https://github.com/Hwwg/cve/issues/18 https://github.com/Hwwg/cve/issues/19

Other References

https://vuldb.com/?ctiid.334367 https://vuldb.com/?id.334367 https://vuldb.com/?submit.694827 https://vuldb.com/?submit.694836 https://vuldb.com/?submit.694837

Frequently Asked Questions

What is CVE-2025-14051? +

A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. It has a CVSS v3.1 base score of 6.3 (MEDIUM).

How severe is CVE-2025-14051? +

CVE-2025-14051 has a CVSS v3.1 score of 6.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-14051? +

CVE-2025-14051 affects products from youlai, specifically: youlai-mall. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-14051? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as …

CVE-2025-13426

A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a …

CVE-2025-68613 9.9

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain …

CVE-2024-8953 9.8

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to …

CVE-2024-5452 9.8

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user …

CVE-2025-25270 9.8

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with …