Yonyou U8 Cloud CVE-2025-12344
LOWSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Yonyou U8 Cloud versions up to 5.1sp allow authenticated remote attackers to bypass file upload restrictions via manipulation of the ts and sign parameters in the /service/NCloudGatewayServlet endpoint, enabling unrestricted file uploads. The vulnerability affects the Request Header Handler component and has been publicly disclosed with exploit code available, though the vendor has not responded to early notification.
Technical ContextAI
The vulnerability resides in the NCloudGatewayServlet component's Request Header Handler, which processes authentication and validation parameters (ts and sign) for incoming requests. The ts parameter likely represents a timestamp and sign a cryptographic signature used to validate request integrity and authenticity. CWE-284 indicates improper access control - specifically, the validation logic fails to properly enforce restrictions on file upload operations when these signature-based authentication parameters are manipulated. The attack leverages a flaw in how the servlet validates or enforces upload permissions, allowing bypass of intended access controls despite the requirement for initial authentication (PR:L in CVSS vector).
Affected ProductsAI
Yonyou U8 Cloud up to and including version 5.1sp are affected. The specific component at risk is the NCloudGatewayServlet request handler. Exact CPE mapping is not provided in the available data, but the affected product line is Yonyou U8 Cloud with confirmed impact through version 5.1sp.
RemediationAI
Primary remediation requires upgrading to a patched version beyond 5.1sp once the vendor releases a fix; however, no vendor-released patch has been confirmed at the time of analysis, and the vendor has not responded to early disclosure notification. As an immediate compensating control, restrict network access to the /service/NCloudGatewayServlet endpoint via firewall or reverse-proxy rules, limiting connectivity to trusted internal networks only. Implement request validation at the application gateway level to strictly validate the ts and sign parameters before forwarding to the servlet - reject any requests where signature validation fails or timestamps fall outside acceptable windows (this requires understanding the expected signature algorithm, potentially requiring vendor support or reverse engineering). Monitor file upload activity for anomalous patterns such as uploads from authenticated users who do not normally upload files, or uploads of suspicious file types. Apply principle of least privilege to user accounts - ensure only users who genuinely require upload capability have that permission. Note that these controls do not eliminate the underlying vulnerability and should be considered temporary measures pending vendor patch availability.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today