CVE-2025-10288

Name of the Vulnerable Software and Affected Versions: roncoo-pay (affected versions not specified)

Description: A vulnerability exists in roncoo-pay that allows for improper authentication. The issue is related to manipulation of an unknown function within the /user/info/list file. This allows for remote exploitation. The exploit has been made public. The vendor was contacted but did not respond.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.