CVE-2025-10275 | YunaiV yudao-cloud up to 2025.09 /crm/business/transfer ids/newOwnerUserId improper authorization

A vulnerability was found in YunaiV yudao-cloud up to 2025.09. It has been declared as critical. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization.

The identification of this vulnerability is CVE-2025-10275. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More