CVE-2025-0841

HIGH

Aridius XYZ <20240927 - Deserialization

Title source: llm

Description

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

References (4)

[Various Sources] https://gist.github.com/mcdruid/52383f40d11becb79ce4033cb46546eb

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.293998

[Permissions Required, VDB Entry] https://vuldb.com/?id.293998

[Permissions Required, VDB Entry] https://vuldb.com/?submit.485445

Scores

CVSS v3 7.3

EPSS 0.0021

EPSS Percentile 43.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status draft

Timeline

Published Jan 29, 2025

Tracked Since Feb 18, 2026