CVE-2025-10423 MEDIUM

CVE-2025-10423: newbee-mall kaptcha mallKaptcha Captcha

Vendor N/A
Product newbee-mall
Weakness CWE-804
Published September 15, 2025
Last update September 15, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

September 15, 2025 CVE published
September 15, 2025 Record updated