CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-28399

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/20210607/cve_public/blob/main/CVE-2025-28399.md

Products affected by CVE-2025-28399

Exrick » Xmall » Version: 1.1

cpe:2.3:a:exrick:xmall:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-28399

Products

Pricing

Contact Us