CVE-2025-0974

MEDIUM

MaxD Lightning Module 4.43 - Deserialization

Title source: llm

Description

A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

References (4)

[Various Sources] https://gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.294365

[Permissions Required, VDB Entry] https://vuldb.com/?id.294365

[Permissions Required, VDB Entry] https://vuldb.com/?submit.489672

Scores

CVSS v3 5.0

EPSS 0.0003

EPSS Percentile 7.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status draft

Timeline

Published Feb 03, 2025

Tracked Since Feb 18, 2026