CVE-2025-2089

Published: Mar 7, 2025Modified: Oct 10, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Starsea99: Starsea Mall

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Starsea99 Starsea Mall	Version 1.0.0

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://vuldb.com/?ctiid.298903

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.298903

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.514977

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://wiki.shikangsi.com/post/share/baecf028-1116-4600-ae9c-f655cc93c29b

Source: cna@vuldb.com

ExploitThird Party Advisory

https://wiki.shikangsi.com/post/share/baecf028-1116-4600-ae9c-f655cc93c29b

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.