CVE-2025-9835

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions macrozheng mall versions up to 1.0.3

Description A vulnerability exists in macrozheng mall versions up to 1.0.3. The cancelOrder function within the /order/cancelUserOrder file is affected. Manipulation of the orderId argument can lead to authorization bypass. The exploit has been publicly disclosed and may be used.

Recommendations Update macrozheng mall to a version newer than 1.0.3. As a temporary workaround, restrict access to the /order/cancelUserOrder file. Avoid using the orderId argument in the cancelOrder function until the issue is resolved.

Exploit

Fix

Incorrect Authorization

IDOR

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-639CWE-285

Related Identifiers

CVE-2025-9835

Affected Products

Macrozheng Mall

CVE-2025-9835

Weakness Enumeration

Related Identifiers

Affected Products

References · 9