Youlai Boot Improper Access Control Vulnerability Allowing Unauthorized Role Access

Vulnerability

Youlai Boot version 2.21.1 contains an improper access control flaw in SysRoleController.java. The getRoleForm function does not check whether the calling user is permitted to view the requested role, so a non-root user can retrieve the root role's details simply by supplying its role ID. The root cause is that the function never verifies the current user's right to access the specific role it is asked for.
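The missing check described above, as a self-contained Java sketch added here (not Youlai Boot's own code): an unchecked role-form lookup beside a hardened version that enforces a function-level permission and an object-level rule for the root role. The Role and Caller records, the RoleFormService class, the sys:role:query permission key and the ROOT role code are all assumptions for this example.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical role record; "isRoot" marks the built-in super-admin role.
record Role(long id, String code, boolean isRoot) {}

// Hypothetical authenticated caller: granted permission keys and role codes.
record Caller(Set<String> permissions, Set<String> roleCodes) {}

final class RoleFormService {
    // Constructed sample role table standing in for the database.
    private final Map<Long, Role> roles = Map.of(
            1L, new Role(1L, "ROOT", true),
            2L, new Role(2L, "ADMIN", false));

    // Vulnerable shape: the role id from the request is looked up directly,
    // so any authenticated caller can read any role, root included.
    Role getRoleFormUnchecked(long roleId) {
        return roles.get(roleId);
    }

    // Hardened shape: check the function-level permission first, then the
    // object-level rule that only holders of the root role may read it.
    Role getRoleForm(Caller caller, long roleId) {
        if (!caller.permissions().contains("sys:role:query")) { // hypothetical key
            throw new SecurityException("missing permission sys:role:query"); // 403
        }
        Role role = roles.get(roleId);
        if (role == null) {
            return null; // mapped to 404 by the caller
        }
        if (role.isRoot() && !caller.roleCodes().contains("ROOT")) {
            // Answer exactly as for "not found" so the root role's id is not confirmed.
            return null;
        }
        return role;
    }

    public static void main(String[] args) {
        RoleFormService svc = new RoleFormService();
        Caller admin = new Caller(Set.of("sys:role:query"), Set.of("ADMIN"));
        Caller root = new Caller(Set.of("sys:role:query"), Set.of("ROOT"));

        System.out.println("unchecked, admin asks for id 1: " + svc.getRoleFormUnchecked(1L));
        System.out.println("checked,   admin asks for id 1: " + svc.getRoleForm(admin, 1L));
        System.out.println("checked,   root  asks for id 1: " + svc.getRoleForm(root, 1L));
        System.out.println("checked,   admin asks for id 2: " + svc.getRoleForm(admin, 2L));
    }
}
```

Run with `java RoleFormService.java` (Java 16 or later for records); the unchecked call returns the root role to the ADMIN caller, the checked one does not.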

Impact

Exploiting this flaw exposes role information to users who should not be able to see it, which can allow them to obtain privileges or access rights they should not have.

Remediation

Update to Youlai Boot version 3.2.0 or later, where this issue has been fixed.

Added: Dec 22, 2025, 9:17 PM
Updated: Dec 22, 2025, 10:51 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.5
remediation: 0.0
relevance: 1.6
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.