Description
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.
References
- Third Party Advisory
- Patch
- Exploit, Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:youlai:youlai-boot:2.21.1:*:*:*:*:*:*:*
EPSS: 0.00036 (Low), percentile: 11%
CVSS3: 7.5 High
Weaknesses
CWE-284
Related vulnerabilities
CVSS3: 7.5
github
about 2 months ago
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.