Unrated severityNVD Advisory· Published Dec 22, 2025· Updated Dec 22, 2025
CVE-2025-66736
CVE-2025-66736
Description
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability.
Affected products
2- youlai-boot/youlai-bootdescription
- Range: = 2.21.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.