3 matches found
CVE-2025-10987
YunaiV yudao-cloud (HTTP Request Handler) is affected by CVE-2025-10987 due to improper authorization in the /crm/contact/transfer file where the contactId parameter can be manipulated. The issue enables a remote attack and has publicly disclosed exploits. Multiple feeds confirm the vulnerability...
CVE-2025-10275
CVE-2025-10275 concerns YunaiV yudao-cloud up to 2025.09. Affects an unknown part of the file /crm/business/transfer. Root cause: manipulation of the argument ids/newOwnerUserId can lead to improper authorization, exploitable via remote access. Descriptions across sources confirm the vulnerabilit...
CVE-2025-10277
CVE-2025-10277 affects YunaiV yudao-cloud (up to 2025.09). The flaw lies in processing the file /crm/receivable/submit where manipulation of the ID argument leads to improper authorization. The issue is exploitable remotely, and public exploits have been published. The vendor was contacted but di...