PT-2025-49114 · Macrozheng · Mall-Swarm
Huangweigang · Published 2025-12-04 · Updated 2025-12-04 · CVE-2025-14016
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
macrozheng mall-swarm versions through 1.0.3
Description
macrozheng mall-swarm contains an improper authorization flaw. The delete function behind the '/member/readHistory/delete' endpoint acts directly on the ids argument supplied by the caller, and manipulating that argument lets a low-privileged remote user bypass the authorization intended for the records being deleted. The issue is remotely exploitable and exploit details have been publicly disclosed. The vendor was notified but did not respond.
Recommendations
Versions through 1.0.3 are vulnerable, and no fixed version had been published at the time of this advisory.
As a temporary workaround, restrict access to the /member/readHistory/delete endpoint (for example at the API gateway or reverse proxy) until a patch is available.
If the endpoint must stay reachable, do not act on client-supplied ids alone: the service should resolve the caller's identity server-side and limit any deletion to records owned by that member.
Exploit
Fix
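The following is an added illustration of the weak pattern and a hardened replacement; it is not mall-swarm's own code or patch. It uses plain Java with an in-memory repository so it runs without Spring; the record, field and method names (ReadHistory, memberId, deleteOwned, and so on) are assumptions chosen to mirror the shape of a read-history record, not names taken from the project.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added illustration, not mall-swarm's own code. All names below are assumptions.
public class ReadHistoryDeleteExample {

    /** A browsing-history record owned by exactly one member (assumed shape). */
    record ReadHistory(String id, long memberId, long productId) {}

    /** In-memory stand-in for the persistence layer (constructed for this example). */
    static class ReadHistoryRepository {
        private final Map<String, ReadHistory> rows = new HashMap<>();
        void save(ReadHistory h) { rows.put(h.id(), h); }
        Optional<ReadHistory> findById(String id) { return Optional.ofNullable(rows.get(id)); }
        void deleteAllById(Collection<String> ids) { ids.forEach(rows::remove); }
        boolean exists(String id) { return rows.containsKey(id); }
    }

    static class ReadHistoryService {
        private final ReadHistoryRepository repo;
        ReadHistoryService(ReadHistoryRepository repo) { this.repo = repo; }

        /**
         * WEAK pattern: the caller-supplied ids are trusted as-is, so any
         * authenticated member can delete any member's records by supplying
         * (or guessing) their ids. No ownership check is performed.
         */
        int deleteUnchecked(List<String> ids) {
            repo.deleteAllById(ids);
            return ids.size();
        }

        /**
         * HARDENED pattern: the current member id comes from the server-side
         * session or token, never from the request, and only rows whose
         * memberId matches are deleted. Foreign ids are dropped silently and the
         * count of rows actually removed is returned, so the response does not
         * confirm whether a foreign id exists.
         */
        int deleteOwned(long currentMemberId, List<String> ids) {
            List<String> owned = ids.stream()
                .distinct()
                .filter(id -> repo.findById(id)
                                  .map(h -> h.memberId() == currentMemberId)
                                  .orElse(false))
                .collect(Collectors.toList());
            repo.deleteAllById(owned);
            return owned.size();
        }
    }

    private static ReadHistoryRepository seed() {
        ReadHistoryRepository repo = new ReadHistoryRepository();
        // Constructed sample data: member 1001 owns h1 and h2, member 2002 owns h3.
        repo.save(new ReadHistory("h1", 1001L, 26L));
        repo.save(new ReadHistory("h2", 1001L, 27L));
        repo.save(new ReadHistory("h3", 2002L, 28L));
        return repo;
    }

    public static void main(String[] args) {
        // Member 2002 asks to delete h1, which belongs to member 1001.
        ReadHistoryRepository repo = seed();
        ReadHistoryService svc = new ReadHistoryService(repo);
        svc.deleteUnchecked(List.of("h1"));
        System.out.println("unchecked: h1 still present? " + repo.exists("h1")); // false: victim's row gone

        repo = seed();
        svc = new ReadHistoryService(repo);
        int removed = svc.deleteOwned(2002L, List.of("h1", "h3"));
        System.out.println("owned: removed=" + removed
            + ", h1 present? " + repo.exists("h1")
            + ", h3 present? " + repo.exists("h3")); // removed=1, h1 true, h3 false
    }
}
```

With a real repository the same check is better pushed into the query (a delete scoped by both member id and the id list, rather than filter-then-delete), which also closes the window between the ownership lookup and the delete. The member id must come from the authenticated principal; accepting it as a request parameter merely moves the authorization bypass to a different field.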
Incorrect Authorization
Incorrect Privilege Assignment
Improper Authorization
Related Identifiers
Affected Products
Mall-Swarm