CVE-2025-66735

Published: Dec 22, 2025

Modified: Dec 22, 2025

PUBLISHED

Description

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitee.com/youlaiorg/youlai-boot/issues/ICH8FR

https://gitee.com/youlaiorg/youlai-boot/commit/9197065102f92264ded814a9d3e9f2a4ff0da121

https://gist.github.com/old6ma/dc9e6e4a693d12c1a35fd4e1d21d4743

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-66735

Description

Affected Products

References