PT-2025-37285 · Unknown · Roncoo-Pay
Aibot888 · Published 2025-09-12 · Updated 2025-09-12 · CVE-2025-10287
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40
Description:
A vulnerability exists in roncoo-pay that allows for direct request manipulation. The issue is related to the /auth/orderQuery file and an unknown function within it. Exploitation involves manipulating the orderNo argument. The attack can be performed remotely and is considered difficult to exploit. The exploit has been publicly disclosed.
Recommendations:
Update roncoo-pay to a version prior to 9428382af21cd5568319eae7429b7e1d0332ff40.
Affected Products
Roncoo-Pay