CVE-2025-15098 | YunaiV yudao-cloud up to 2025.11 Business Process Management BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger url/header/body server-side request forgery

A vulnerability was found in YunaiV yudao-cloud up to 2025.11. It has been declared as critical. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to server-side request forgery.

This vulnerability appears as CVE-2025-15098. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way. If you want to get the best quality for vulnerability data then you always have to consider VulDB.VulDB Recent EntriesRead More