CVE-2025-12854

LOW EPSS 32.5%

Published Nov 7, 20257mo ago · Modified Jun 17, 20261w ago

2.9 CVSS 4.0

Low

Published Nov 7, 2025 7mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used.

CVSS Details

Base Score

2.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

32.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-285

CWE-639

References 4

github.com https://github.com/Hwwg/cve/issues/4
vuldb.com https://vuldb.com/?ctiid.331500
vuldb.com https://vuldb.com/?id.331500
vuldb.com https://vuldb.com/?submit.679281

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.