dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization_CVE-2025-12304

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-12304

Source VulDB

Published Oct 27, 2025 at 18:32

Modified Oct 27, 2025 at 20:34

Affected Product

Vendor dulaiduwang003

Product TIME-SEA-PLUS

Version fb299162f18498dd9cf17da906886d80a077d53b

Affected Versions dulaiduwang003 TIME-SEA-PLUS fb299162f18498dd9cf17da906886d80a077d53b

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.",
    "published": "2025-10-27T18:32:05.681Z",
    "modified": "2025-10-27T20:34:32.121Z",
    "type": "cve",
    "title": "dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329976\nhttps://vuldb.com/?ctiid.329976\nhttps://vuldb.com/?submit.676283\nhttps://github.com/Hwwg/cve/issues/3",
    "id": "CVE-2025-12304",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "dulaiduwang003 TIME-SEA-PLUS fb299162f18498dd9cf17da906886d80a077d53b",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TIME-SEA-PLUS",
    "version": "fb299162f18498dd9cf17da906886d80a077d53b",
    "vendor": "dulaiduwang003",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}