CVE-2025-66735

7.5 HIGH

📋 TL;DR

CVE-2025-66735 is an access control vulnerability in youlai-boot V2.21.1 where the getRoleForm function lacks proper permission checks. This allows non-root users to access root role information, potentially enabling privilege escalation. Organizations using youlai-boot V2.21.1 are affected.

💻 Affected Systems

Products:
  • youlai-boot
Versions: V2.21.1
Operating Systems: Any OS running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects youlai-boot V2.21.1; other versions may be unaffected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could gain administrative privileges, modify system configurations, access sensitive data, or deploy backdoors.

🟠

Likely Case

Unauthorized users access administrative role information, potentially enabling further privilege escalation attacks.

🟢

If Mitigated

With proper network segmentation and least privilege principles, impact is limited to the affected application instance.

🌐 Internet-Facing: HIGH if the application is exposed to the internet without proper authentication layers.
🏢 Internal Only: MEDIUM as internal attackers could exploit this to gain administrative access within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ❌ No
Complexity: LOW

Exploitation requires an authenticated account (any non-root user) but minimal technical skill: reading the root role's form is an ordinary authenticated request to the role management endpoint, with no authorization check standing in the way. Public references demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 9197065102f92264ded814a9d3e9f2a4ff0da121

Vendor Advisory: https://gitee.com/youlaiorg/youlai-boot/issues/ICH8FR

Restart Required: Yes

Instructions:

1. Update youlai-boot to a build that includes commit 9197065102f92264ded814a9d3e9f2a4ff0da121 (no tagged release containing the fix is named here, so verify the commit is in the deployed build's history).
2. Rebuild and redeploy the application.
3. Restart the application server.

🔧 Temporary Workarounds

Add a permission check to the getRoleForm handler

Implement permission validation before the getRoleForm function executes, so that only users holding the role-management permission can read role details.

In SysRoleController.java, annotate getRoleForm with a Spring Security method-security expression, for example @PreAuthorize("hasRole('ROLE_ADMIN')"). Two caveats: the role or authority name must match how the deployment actually grants role-management rights (the project may use permission codes rather than ROLE_ADMIN), and @PreAuthorize has no effect unless method security is enabled in the application's configuration.
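The shape of the workaround, as an added example for this advisory rather than code from youlai-boot: a Spring controller whose role-form handler carries a method-security annotation plus an explicit authority check as defense in depth, alongside the configuration that makes the annotation effective. The package, DTO, service and authority names are assumptions, and the /sys/role mapping follows the indicators listed on this page; match all of them to the real controller before applying anything.

```java
// Added example for this advisory, not code from youlai-boot. Package, DTO, service
// and authority names are assumptions; the /sys/role path follows the indicators
// listed on this page and must be matched to the real controller mapping.
package com.example.sysrole;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/** Without this, @PreAuthorize is never evaluated and the annotation protects nothing. */
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
}

/** Hypothetical role form returned to the UI. */
record RoleForm(Long id, String name, String code) {
}

/** Hypothetical service; the real lookup lives in the project's service layer. */
interface RoleService {
    RoleForm getRoleForm(Long roleId);
}

@RestController
@RequestMapping("/sys/role")
class SysRoleController {

    /** Authority that grants role administration; the name is an assumption. */
    static final String ROLE_QUERY = "sys:role:query";

    private final RoleService roleService;

    SysRoleController(RoleService roleService) {
        this.roleService = roleService;
    }

    // The vulnerable shape is this same handler with neither the annotation nor the
    // explicit check: any authenticated user could fetch any role, including root.
    @PreAuthorize("hasAuthority('sys:role:query')")
    @GetMapping("/{roleId}/form")
    public RoleForm getRoleForm(@PathVariable Long roleId) {
        // Defense in depth: still refuses if method security was never enabled.
        requireAuthority(ROLE_QUERY);
        return roleService.getRoleForm(roleId);
    }

    /** Throws AccessDeniedException (rendered as HTTP 403 by Spring Security) when the caller lacks the authority. */
    static void requireAuthority(String authority) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean granted = auth != null && auth.isAuthenticated()
                && auth.getAuthorities().stream()
                       .anyMatch(a -> authority.equals(a.getAuthority()));
        if (!granted) {
            throw new AccessDeniedException("missing authority " + authority);
        }
    }
}
```

To confirm the control works, a MockMvc test with @WithMockUser run twice, once with the sys:role:query authority and once without, should see 200 and 403 respectively for GET /sys/role/{id}/form; if both return 200, method security is not enabled and only the explicit check stands.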

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable application from critical systems.
  • Enforce strict access controls and monitor for unusual role access patterns.

🔍 How to Verify

Check if Vulnerable:

Confirm the deployed youlai-boot is V2.21.1 (or any build that predates commit 9197065102f92264ded814a9d3e9f2a4ff0da121) and review getRoleForm in SysRoleController.java: if the method carries no permission check and the role lookup is not otherwise restricted to administrators, the instance is vulnerable.

Check Version:

Check the project version in the pom.xml of the deployed build or in the application's configuration and build metadata. youlai-boot is a Spring Boot application, so a 'java -jar youlai-boot.jar --version' flag only works if the project implements it; do not rely on it.

Verify Fix Applied:

Verify the deployed build includes the patched commit, then log in as a non-admin user and request the role form for the root or admin role. The request should be rejected (HTTP 403 or the application's equivalent error) rather than returning role details.

📡 Detection & Monitoring

Log Indicators:

  • Requests to the role form endpoint under /sys/role from accounts that are not administrators
  • Successful (HTTP 2xx) responses to such requests: a 403 means the control held, a 200 means role data was served to a non-admin user

Network Indicators:

  • HTTP requests to /sys/role/* from source addresses not associated with administrative users

SIEM Query:

source="application.log" AND uri="/sys/role*" AND user_role!="admin"

The uri="/sys/role*" pattern matches both /sys/role and /sys/role/... paths. Field names (uri, user_role, and any status field) depend on what the application actually writes to its logs; adjust them to the deployed log format, and where a status field exists, prioritize 2xx results, which indicate the data was served rather than the request being blocked.
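The same detection logic, run over a handful of constructed log lines, as an added example that is not part of this advisory or of youlai-boot. It separates blocked probes (403) from successful reads (2xx) by non-admin accounts, which the one-line SIEM query above does not. The key=value log layout and the field names are assumptions mirroring that query; the regex must be adapted to the real access-log format.

```java
// Added example, not part of the advisory or of youlai-boot. The log layout and the
// field names (user, user_role, method, uri, status) are assumptions mirroring the
// SIEM query on this page; adapt the regex to the deployed access-log format.
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RoleAccessDetector {

    /** Constructed sample lines for illustration; not taken from any real system. */
    static final List<String> SAMPLE = List.of(
        "2025-12-01T10:00:01Z user=root user_role=ADMIN method=GET uri=/sys/role/1/form status=200",
        "2025-12-01T10:00:05Z user=alice user_role=USER method=GET uri=/sys/role/1/form status=200",
        "2025-12-01T10:00:09Z user=alice user_role=USER method=GET uri=/sys/role/1/form status=403",
        "2025-12-01T10:00:12Z user=bob user_role=USER method=GET uri=/sys/user/me status=200"
    );

    static final Pattern LINE = Pattern.compile(
        "user=(?<user>\\S+) user_role=(?<role>\\S+) method=(?<method>\\S+) "
        + "uri=(?<uri>\\S+) status=(?<status>\\d{3})");

    /** One flagged event; severity distinguishes a served read from a blocked probe. */
    record Finding(String user, String uri, int status, String severity) {
    }

    /** Returns a Finding for a non-admin request to /sys/role/*, or null if the line is benign. */
    static Finding inspect(String line) {
        Matcher m = LINE.matcher(line);
        if (!m.find()) {
            return null; // unparseable line: not silently dropped in real tooling, but out of scope here
        }
        boolean roleEndpoint = m.group("uri").startsWith("/sys/role");
        boolean nonAdmin = !"ADMIN".equals(m.group("role"));
        if (!roleEndpoint || !nonAdmin) {
            return null;
        }
        int status = Integer.parseInt(m.group("status"));
        // 2xx to a non-admin means the missing check was exercised and role data was served;
        // 403 means the control held and someone probed it.
        String severity = status >= 200 && status < 300 ? "HIGH: role data served" : "LOW: blocked probe";
        return new Finding(m.group("user"), m.group("uri"), status, severity);
    }

    /** Runs inspect over every line and collects the findings. */
    static List<Finding> scan(List<String> lines) {
        List<Finding> findings = new ArrayList<>();
        for (String line : lines) {
            Finding f = inspect(line);
            if (f != null) {
                findings.add(f);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Expected on the sample: two findings for alice, one HIGH (200) and one LOW (403);
        // root's read and bob's request to a non-role endpoint are not flagged.
        scan(SAMPLE).forEach(System.out::println);
    }
}
```

If the application's logs carry no role field, the same logic can be driven from the application's own audit table or from a join between the access log and the user directory; the important part is that a 2xx response on this endpoint to a non-administrator is the indicator of successful exploitation, while 403s are only reconnaissance.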
