CVE-2025-15118

MEDIUM

Macrozheng Mall < 1.0.3 - Improper Authorization

Title source: rule

Description

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

References (4)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.338496

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.338496

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.711758

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/Hwwg/cve/issues/31

Scores

CVSS v3 4.3

EPSS 0.0006

EPSS Percentile 17.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

macrozheng/mall < 1.0.3

Published Dec 28, 2025

Tracked Since Feb 18, 2026