CVE-2025-9835

Summary

A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
macrozhengmall1.0.0affected
macrozhengmall1.0.1affected
macrozhengmall1.0.2affected
macrozhengmall1.0.3affected

Weaknesses

  • CWE-639: Authorization Bypass
  • CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References