Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-66736

Date: December 21, 2025

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability.

Severity Score

Related Resources (5)

https://gitee.com/youlaiorg/youlai-boot/issues/ICH8FV
https://gist.github.com/old6ma/be1d4a5373ee2de901ed4c8d81485046
https://nvd.nist.gov/vuln/detail/CVE-2025-66736
https://gitee.com/youlaiorg/youlai-boot/commit/9197065102f92264ded814a9d3e9f2a4ff0da121
https://www.mend.io/vulnerability-database/CVE-2025-66736

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us