CVE-2025-15085 – youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization

CVE ID : CVE-2025-15085

Published : Dec. 25, 2025, 7:32 p.m. | 50 minutes ago

Description : A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-15088 – ketr JEPaaS loadPostil postilService.loadPostils sql injection

CVE-2025-15087 – youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization

CVE-2025-15086 – youlaitech youlai-mall MemberController.java getMemberByMobile access control

CVE-2025-68936 – ONLYOFFICE Docs Cross-Site Scripting Vulnerability