PT-2025-37285 · Unknown · Roncoo-Pay

·

CVE-2025-10287

·

Published

2025-09-12

·

Updated

2025-09-12

CVSS v3.1

3.1

Low

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40
Description: A vulnerability exists in roncoo-pay that allows for direct request manipulation. The issue is related to the /auth/orderQuery file and an unknown function within it. Exploitation involves manipulating the orderNo argument. The attack can be performed remotely and is considered difficult to exploit. The exploit has been publicly disclosed.
Recommendations: Update roncoo-pay to a version prior to 9428382af21cd5568319eae7429b7e1d0332ff40.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-10287

Affected Products

Roncoo-Pay