CVE-2025-10987 | YunaiV yudao-cloud up to 2025.09 HTTP Request /crm/contact/transfer contactId improper authorization

A vulnerability has been found in YunaiV yudao-cloud up to 2025.09 and classified as critical. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization.

The identification of this vulnerability is CVE-2025-10987. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More