macrozheng mall-swarm cancelUserOrder improper authorization_CVE-2025-13116

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-13116

Source VulDB

Published Nov 13, 2025 at 14:02

Modified Nov 13, 2025 at 14:42

Affected Product

Vendor macrozheng

Product mall-swarm

Version 1.0.0

Affected Versions macrozheng mall-swarm 1.0.0
macrozheng mall-swarm 1.0.1
macrozheng mall-swarm 1.0.2
macrozheng mall-swarm 1.0.3

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-11-13T14:02:05.516Z",
    "modified": "2025-11-13T14:42:31.336Z",
    "type": "cve",
    "title": "macrozheng mall-swarm cancelUserOrder improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332321\nhttps://vuldb.com/?ctiid.332321\nhttps://vuldb.com/?submit.683339\nhttps://github.com/Hwwg/cve/issues/8",
    "id": "CVE-2025-13116",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "macrozheng mall-swarm 1.0.0\nmacrozheng mall-swarm 1.0.1\nmacrozheng mall-swarm 1.0.2\nmacrozheng mall-swarm 1.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mall-swarm",
    "version": "1.0.0",
    "vendor": "macrozheng",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}