CVE-2025-9514

LOW

macrozheng mall <1.0.3 - Info Disclosure

Title source: llm

Description

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. The vendor deleted the GitHub issue for this vulnerability without and explanation.

References (4)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.321507

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.321507

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.635503

[Not Applicable] https://github.com/macrozheng/mall/issues/923

Scores

CVSS v3 3.7

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-521

Status published

Products (1)

macrozheng/mall < 1.0.3

Published Aug 27, 2025

Tracked Since Feb 18, 2026