CVE-2025-0841 MEDIUM

CVE-2025-0841: Aridius XYZ News loadMore deserialization

Vendor Aridius
Product XYZ
Weakness CWE-502 · Unsafe deserialization
Published January 29, 2025
Last update January 31, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

January 29, 2025 CVE published
January 31, 2025 Record updated