CVE-2025-14085 | youlaitech youlai-mall 1.0.0/2.0.0 /app-api/v1/orders/ orderId improper control of dynamically-identified variables


A vulnerability classified as critical has been found in youlaitech youlai-mall 1.0.0/2.0.0. It affects an unknown function of the file /app-api/v1/orders/. Manipulating the argument orderId leads to improper control of dynamically-identified variables.

This vulnerability is tracked as CVE-2025-14085. The attack can be carried out remotely, and an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.