Reconnecting to live updates…

CVE-2025-14051: Improper Control of Dynamically-Identified Variables in youlaitech youlai-mall

Medium

VulnerabilityCVE-2025-14051cve cve-2025-14051

Published: Thu Dec 04 2025 (12/04/2025, 22:32:06 UTC)

Source: CVE Database V5

Vendor/Project: youlaitech

Product: youlai-mall

Description

A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-04T17:12:49.723Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 69320cc6c0111c5616350401

Added to database: 12/4/2025, 10:35:50 PM

Last updated: 12/4/2025, 10:36:22 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-66559: CWE-129: Improper Validation of Array Index in taikoxyz taiko-mono

High

VulnerabilityThu Dec 04 2025

CVE-2025-66563: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in monkeytypegame monkeytype

High

VulnerabilityThu Dec 04 2025

CVE-2025-66561: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Syslifters sysreptor

High

VulnerabilityThu Dec 04 2025

CVE-2025-66506: CWE-405: Asymmetric Resource Consumption (Amplification) in sigstore fulcio

High

VulnerabilityThu Dec 04 2025

CVE-2025-1547: CWE-121 Stack-based Buffer Overflow in WatchGuard Fireware OS

High

VulnerabilityThu Dec 04 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Reference 3 Reference 4 Reference 5 Reference 6 Reference 7 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-14051: Improper Control of Dynamically-Identified Variables in youlaitech youlai-mall

CVE-2025-14051: Improper Control of Dynamically-Identified Variables in youlaitech youlai-mall

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-66559: CWE-129: Improper Validation of Array Index in taikoxyz taiko-mono

CVE-2025-66563: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in monkeytypegame monkeytype

CVE-2025-66561: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Syslifters sysreptor

CVE-2025-66506: CWE-405: Asymmetric Resource Consumption (Amplification) in sigstore fulcio

CVE-2025-1547: CWE-121 Stack-based Buffer Overflow in WatchGuard Fireware OS

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility