CVE-2025-13252

Summary

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

Affected Software

VendorProductVersion RangeStatus
shsuishangShopSuite ModulithShop45a99398cec3b7ad7ff9383694f0b53339f2d35aaffected

Weaknesses

  • CWE-798: Hard-coded Credentials
  • CWE-259: Use of Hard-coded Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References