CVE-2025-0974 LOW

CVE-2025-0974: MaxD Lightning Module deserialization

Vendor: Maxd
Product: Lightning Module
Weakness: CWE-502 · Unsafe deserialization
Published: February 3, 2025
Last update: April 19, 2026

CVSS base score

2.3/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A vulnerability was found in MaxD Lightning Module 4.43/4.44 on OpenCart. It affects some unknown processing. Manipulating the argument li_op/md can lead to deserialization. The attack can be launched remotely, but it requires a high level of complexity and exploitability is assessed as difficult. The exploit has been publicly disclosed and may be used. Upgrading to version 4.45 addresses this issue, and upgrading the affected component is advised.

Key dates

02 Disclosure timeline

February 3, 2025: CVE published
April 19, 2026: Record updated