CVE-2025-4118

Name of the Vulnerable Software and Affected Versions Weitong Mall version 1.0.0

Description A critical issue has been discovered in the Product History Handler component, specifically affecting an unknown part of the /historyList file. The manipulation of the isDelete argument with the input 1 leads to improper access controls, allowing for remote attack initiation. The exploit has been publicly disclosed and may be utilized.

Recommendations For Weitong Mall version 1.0.0, as a temporary workaround, consider restricting access to the /historyList file of the Product History Handler component to minimize the risk of exploitation. Avoid using the isDelete argument with the input 1 in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.