CVE-2025-15085 | youlaitech youlai-mall 1.0.0/2.0.0 Balance MemberController.java deductBalance improper authorization

Uncategorized
Yanac

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0 and classified as problematic. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization.

This vulnerability is reported as CVE-2025-15085. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More