CVE-2025-9514

Summary

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. The vendor deleted the GitHub issue for this vulnerability without and explanation.

Affected Software

VendorProductVersion RangeStatus
macrozhengmall1.0.0affected
macrozhengmall1.0.1affected
macrozhengmall1.0.2affected
macrozhengmall1.0.3affected

Weaknesses

  • CWE-521: Weak Password Requirements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References