PT-2025-39472 · Unknown · Roncoo-Pay
Aibot888
·
Published
2025-09-26
·
Updated
2025-09-26
·
CVE-2025-10992
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40
Description
An issue exists in roncoo-pay where manipulation of an unknown function within the
/user/info/lookupList file can lead to improper authorization. This issue can be exploited remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authorization
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Roncoo-Pay