CVE-2025-13118

Published: Nov 13, 2025Modified: May 23, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (2)

Products: Macrozheng: Mall, Mall Swarm

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Macrozheng Mall	Up to 1.0.3
Macrozheng Mall Swarm	Up to 1.0.3

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (7)

https://github.com/Hwwg/cve/issues/14

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://github.com/Hwwg/cve/issues/9

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/submit/683345

Source: cna@vuldb.com

https://vuldb.com/submit/686531

Source: cna@vuldb.com

https://vuldb.com/vuln/332323

Source: cna@vuldb.com

https://vuldb.com/vuln/332323/cti

Source: cna@vuldb.com

https://github.com/Hwwg/cve/issues/9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.