CVE-2025-14085

MEDIUM

Youlaitech Youlai-mall 1.0.0/2.0.0 - Improper Control of Dynamicall...

Title source: llm

Description

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Scores

CVSS v3 6.3
EPSS 0.0008
EPSS Percentile 22.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-913 CWE-914
Status published
Products (2)
youlai/youlai-mall 1.0.0
youlai/youlai-mall 2.0.0
Published Dec 05, 2025
Tracked Since Feb 18, 2026