PT-2025-46830 · Unknown+1 · Mall-Swarm+1

Huangweigang · Published 2025-11-13 · Updated 2025-11-25 · CVE-2025-13117

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions: macrozheng mall-swarm and mall versions up to 1.0.3

Description: A security issue exists due to improper authorization. This occurs through manipulation of the orderId argument within the cancelOrder function located in the file /order/cancelOrder. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of the disclosure but did not provide a response.

Recommendations: Versions prior to 1.0.3 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

CVE-2025-13117

Affected Products

Mall
Mall-Swarm