CVE-2025-10987

6.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to bypass authorization controls in YunaiV yudao-cloud by manipulating the contactId parameter in the /crm/contact/transfer endpoint. Attackers can potentially transfer CRM contacts without proper permissions. Affected systems include YunaiV yudao-cloud installations up to version 2025.09.

💻 Affected Systems

Products:
  • YunaiV yudao-cloud
Versions: up to 2025.09
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the HTTP Request Handler component. Requires the /crm/contact/transfer endpoint to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized users could transfer sensitive CRM contact data to malicious actors, leading to data theft, business disruption, or compliance violations.

🟠 Likely Case

Attackers with some system access could escalate privileges and manipulate CRM data they shouldn't have access to.

🟢 If Mitigated

With proper network segmentation and authentication controls, impact would be limited to authorized users only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

A public exploit has been disclosed. The attack requires some level of access to the system, but not the authorization that should be required for this specific function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. The vendor was contacted but did not respond. Consider upgrading to a version after 2025.09 if one becomes available.

🔧 Temporary Workarounds

Block vulnerable endpoint (all)

Restrict access to the /crm/contact/transfer endpoint using a web application firewall or network controls.

Implement additional authorization checks (all)

Add server-side authorization validation for contact transfer operations.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system
  • Deploy a web application firewall with custom rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the yudao-cloud version is 2025.09 or earlier and whether the /crm/contact/transfer endpoint is accessible.

Check Version:

Check the application version in the admin panel or in the configuration files.

Verify Fix Applied:

Test whether unauthorized users can still transfer contacts via the vulnerable endpoint.

📡 Detection & Monitoring

Log Indicators:

  • Unusual contact transfer activities
  • Failed authorization attempts on /crm/contact/transfer
  • Multiple transfer requests from single user

Network Indicators:

  • HTTP POST requests to /crm/contact/transfer with manipulated contactId parameters

SIEM Query:

source="web_server" AND (url="/crm/contact/transfer" AND method="POST") AND (user_role!="admin" OR auth_result="failed")
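As an added example (not code from this page or from yudao-cloud), the detection logic described by the log indicators and SIEM query above, run offline over constructed key=value log lines; the field names (user, user_role, method, url, contactId, auth_result) and the burst threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample web-server log lines (not real yudao-cloud output).
# Field names are assumptions chosen to mirror the SIEM query above.
SAMPLE_LOGS = [
    "ts=2025-09-10T08:00:01Z user=alice user_role=admin method=POST url=/crm/contact/transfer contactId=1001 auth_result=ok",
    "ts=2025-09-10T08:00:05Z user=bob user_role=sales method=POST url=/crm/contact/transfer contactId=2002 auth_result=ok",
    "ts=2025-09-10T08:00:06Z user=bob user_role=sales method=POST url=/crm/contact/transfer contactId=2003 auth_result=failed",
    "ts=2025-09-10T08:00:07Z user=bob user_role=sales method=POST url=/crm/contact/transfer contactId=2004 auth_result=ok",
    "ts=2025-09-10T08:00:09Z user=carol user_role=sales method=GET url=/crm/contact/page auth_result=ok",
]

TRANSFER_PATH = "/crm/contact/transfer"
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one key=value log line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def is_transfer_post(event):
    """True for any POST to the contact transfer endpoint."""
    return event.get("url") == TRANSFER_PATH and event.get("method") == "POST"


def is_suspicious_transfer(event):
    """Mirror the SIEM query: a transfer POST by a non-admin user,
    or one whose authorization check failed."""
    if not is_transfer_post(event):
        return False
    return event.get("user_role") != "admin" or event.get("auth_result") == "failed"


def analyze(lines, burst_threshold=3):
    """Return (suspicious_events, bursty_users): the events matching the
    SIEM query, and users issuing >= burst_threshold transfer requests."""
    events = [parse_line(line) for line in lines]
    suspicious = [e for e in events if is_suspicious_transfer(e)]
    per_user = Counter(e["user"] for e in events if is_transfer_post(e))
    bursty = sorted(u for u, n in per_user.items() if n >= burst_threshold)
    return suspicious, bursty


if __name__ == "__main__":
    hits, bursty_users = analyze(SAMPLE_LOGS)
    for e in hits:
        print("ALERT", e["user"], "contactId=" + e["contactId"], e["auth_result"])
    print("users over transfer threshold:", bursty_users)
```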
