roncoo roncoo-pay list improper authentication_CVE-2025-10288

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10288

Source VulDB

Published Sep 12, 2025 at 05:02

Affected Product

Vendor roncoo

Product roncoo-pay

Version 9428382af21cd5568319eae7429b7e1d0332ff40

Affected Versions roncoo roncoo-pay 9428382af21cd5568319eae7429b7e1d0332ff40

CWE Classification

CWE-287

References

{
    "lastseen": "",
    "description": "A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-12T05:02:07.934Z",
    "modified": "2025-09-12T05:02:07.934Z",
    "type": "cve",
    "title": "roncoo roncoo-pay list improper authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323650\nhttps://vuldb.com/?ctiid.323650\nhttps://vuldb.com/?submit.643837\nhttps://www.cnblogs.com/aibot/p/19063475",
    "id": "CVE-2025-10288",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "roncoo roncoo-pay 9428382af21cd5568319eae7429b7e1d0332ff40",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "roncoo-pay",
    "version": "9428382af21cd5568319eae7429b7e1d0332ff40",
    "vendor": "roncoo",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}