CVE-2025-13116

Name of the Vulnerable Software and Affected Versions macrozheng mall-swarm versions through 1.0.3

Description A flaw exists in macrozheng mall-swarm that could allow for improper authorization. This is due to manipulation of the orderId argument within the cancelUserOrder function located in the file /order/cancelUserOrder. The attack can be launched remotely. The exploit is publicly available. The vendor was informed of this issue but did not provide a response.

Recommendations Versions prior to 1.0.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.