youlai-boot, Incorrect Access Control, CVE-2025-55471 (Critical)

The vulnerability CVE-2025-55471 in youlai-boot v2.21.1 involves incorrect access control in the getUserFormData function. This function retrieves user form data via API endpoints, typically accepting a user ID parameter. Because authorization checks are missing, the function never verifies that the authenticated user matches the requested user ID. Attackers can exploit this by manipulating the user ID in HTTP requests, such as GET calls to /api/user/formData/{userId}. The function passes the user ID straight to the database query without validating permissions, resulting in an Insecure Direct Object Reference (IDOR). Any authenticated user can therefore read sensitive form data belonging to other users simply by changing the ID value. The flaw stems from insufficient server-side validation: the application trusts client-supplied parameters without confirming access rights. Exploitation requires a valid authentication token, which can be obtained through regular user registration. Once authenticated, attackers can enumerate user IDs to systematically harvest confidential information. The vulnerability compromises data confidentiality, exposing personal details and form submissions. Fixed versions should implement proper access control, comparing the authenticated user's session or token with the requested user ID before data retrieval.
Platform: youlai-boot
Version: v2.21.1
Vulnerability: Incorrect Access Control
Severity: High
Date: 2025-11-26

Prediction: Patch by 2025-12-31

What Undercode Says:

Analytics:

curl -X GET 'http://localhost:8080/api/user/formData/1' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9…'

Exploitation script to enumerate users:

for id in {1..100}; do curl -s "http://target/api/user/formData/$id" -H "Authorization: Bearer $token"; done

// Vulnerable code snippet in youlai-boot:

public FormData getUserFormData(String userId) {
    return formDataRepository.findByUserId(userId); // No authorization check
}

How to Exploit:

Authenticate, then manipulate user ID parameter in API requests to access other users’ data.

Protection from this CVE:

Implement authorization checks, validate user permissions, and use session binding so the requested user ID is compared against the authenticated session or token before any data is retrieved.
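The following is an added example, not youlai-boot's own code: the page's getUserFormData shape next to a version that enforces the ownership check described above. FormData and formDataRepository are taken from the page; Principal, AccessDeniedException and the in-memory repository are assumptions made for a self-contained demonstration.

```java
import java.util.Map;

// Added example (not youlai-boot code): the page's getUserFormData beside an
// ownership-checked version. FormData/formDataRepository come from the page;
// Principal, AccessDeniedException and the Map-backed repository are assumed here.
public class FormDataAccessControl {

    record FormData(String userId, String content) {}

    // Identity of the caller as established from the validated token or session,
    // never from a request parameter.
    record Principal(String userId, boolean isAdmin) {}

    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    // Stand-in for the real repository, holding constructed sample rows.
    static final Map<String, FormData> formDataRepository = Map.of(
        "1", new FormData("1", "alice's submission"),
        "2", new FormData("2", "bob's submission"));

    // Vulnerable shape from the page: the client-supplied id is used directly.
    static FormData getUserFormDataVulnerable(String userId) {
        return formDataRepository.get(userId); // no authorization check
    }

    // Hardened shape: the requested id must match the authenticated principal
    // (or the caller must hold an admin role) before any data is fetched.
    static FormData getUserFormData(Principal caller, String userId) {
        if (!caller.isAdmin() && !caller.userId().equals(userId)) {
            // Denials should be logged; many denials from one token are an IDOR probe signal.
            throw new AccessDeniedException("user " + caller.userId()
                + " may not read form data of user " + userId);
        }
        return formDataRepository.get(userId);
    }

    public static void main(String[] args) {
        Principal bob = new Principal("2", false);
        // Vulnerable: bob reads alice's row just by changing the id.
        System.out.println(getUserFormDataVulnerable("1").content());
        // Hardened: bob's own row is returned, alice's request is rejected.
        System.out.println(getUserFormData(bob, "2").content());
        try {
            getUserFormData(bob, "1");
        } catch (AccessDeniedException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```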

Impact:

Sensitive information disclosure, data privacy breach, unauthorized access.

Sources:

Reported By: nvd.nist.gov