Home

Description

Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.

PUBLISHED Reserved 2025-08-13 | Published 2025-11-26 | Updated 2025-11-28 | Assigner mitre

References

gitee.com/youlaiorg/youlai-boot

gitee.com/youlaiorg/youlai-boot/issues/ICFBW8

gist.github.com/old6ma/08d83e5aa7d47e7ff18b23337ccd1f1d

cve.org (CVE-2025-55471)

nvd.nist.gov (CVE-2025-55471)

Download JSON