CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-13115

A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.9%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

https://github.com/Hwwg/cve/issues/11
https://github.com/Hwwg/cve/issues/6
https://vuldb.com/?ctiid.332320
https://vuldb.com/?id.332320
https://vuldb.com/?submit.683222
https://vuldb.com/?submit.686528
https://github.com/Hwwg/cve/issues/6

Products affected by CVE-2025-13115

Macrozheng » Mall-Swarm » Version: Any

cpe:2.3:a:macrozheng:mall-swarm:*
Macrozheng » Mall » Version: Any

cpe:2.3:a:macrozheng:mall:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13115

Products

Pricing

Contact Us