CVE-2025-10778

Name of the Vulnerable Software and Affected Versions Smartstore versions prior to 6.2.1

Description A race condition exists in the Gift Voucher Handler component of Smartstore. The issue is located in an unknown function within the /checkout/confirm/ file. The attack can be initiated remotely and is considered difficult to exploit, with high complexity. The vendor was contacted regarding this issue but did not respond.

Recommendations Update Smartstore to version 6.2.1 or later.