Vulnerability Details CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.1%
CVSS Severity
CVSS v3 Score 7.1
References
Products affected by CVE-2025-66736
-
cpe:2.3:a:youlai:youlai-boot:2.21.1