CVE-2025-10216

Name of the Vulnerable Software and Affected Versions: GrandNode versions prior to 2.3.0

Description: A flaw exists in GrandNode up to version 2.3.0 within the Voucher Handler component, specifically in the /checkout/ConfirmOrder/ file. Manipulation of the giftvouchercouponcode argument can trigger a race condition. This issue is remotely exploitable but requires a high level of complexity and is considered difficult to exploit. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Update to a version later than 2.3.0.