Login Sign Up

CVE-2025-55471

7.5 HIGH
Authentication Bypass

📋 TL;DR

An incorrect access control vulnerability in youlai-boot v2.21.1 allows attackers to bypass authorization checks in the getUserFormData function, enabling unauthorized access to sensitive user information. This affects all deployments running the vulnerable version of the youlai-boot framework. Attackers can exploit this to retrieve other users' personal data without proper authentication.

💻 Affected Systems

Products:
  • youlai-boot
Versions: v2.21.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects youlai-boot framework deployments using the vulnerable getUserFormData function.

📦 What is this software?

Youlai Boot by Youlai

View all CVEs affecting Youlai Boot →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Mass data breach exposing all user records including personally identifiable information, credentials, or sensitive form data stored in the system.

🟠

Likely Case

Targeted data extraction of specific users' information leading to privacy violations and potential credential harvesting.

🟢

If Mitigated

Unauthorized access attempts are logged and blocked, with no data exposure beyond what's permitted by proper access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some authentication but bypasses authorization checks. Public GitHub gist demonstrates the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.21.2 or later

Vendor Advisory: https://gitee.com/youlaiorg/youlai-boot/issues/ICFBW8

Restart Required: Yes

Instructions:

1. Update youlai-boot to version 2.21.2 or later. 2. Review and test the getUserFormData function implementation. 3. Restart the application server.

🔧 Temporary Workarounds

Implement additional authorization middleware

all

Add server-side authorization checks before getUserFormData function execution

# Add authorization check in controller/service layer
# Example: if (!currentUser.hasAccess(targetUserId)) { return unauthorized(); }

🧯 If You Can't Patch

  • Implement network-level access controls to restrict access to the vulnerable endpoint
  • Enable detailed logging and monitoring for unauthorized access attempts to the getUserFormData function

🔍 How to Verify

Check if Vulnerable:

Check if youlai-boot version is 2.21.1 and if getUserFormData function lacks proper user ID validation

Check Version:

Check application.properties or pom.xml for youlai-boot version

Verify Fix Applied:

Test that authenticated users cannot access other users' data through the getUserFormData endpoint

📡 Detection & Monitoring

Log Indicators:

  • Multiple getUserFormData requests with different user IDs from same session
  • Access denied logs for getUserFormData function

Network Indicators:

  • Unusual pattern of requests to user data endpoints
  • Requests with manipulated user ID parameters

SIEM Query:

source="application.logs" AND "getUserFormData" AND (user_id_mismatch OR unauthorized_access)

📊 Metadata

CVE ID: CVE-2025-55471
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-284
EPSS Score: 0.06% exploit probability (17.5th percentile)
Published: November 26, 2025
Last Updated: December 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55471, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)