CVE-2025-12304 MEDIUM

CVE-2025-12304: dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization

Vendor Dulaiduwang003

Product TIME-SEA-PLUS

Weakness CWE-285

Published October 27, 2025

Last update October 27, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

October 27, 2025 CVE published

October 27, 2025 Record updated

Identifiers

CVE CVE-2025-12304

CWE CWE-285

CVSS 5.3 / MEDIUM

Affected versions

Vendor Dulaiduwang003

Product TIME-SEA-PLUS

Affected fb299162f18498dd9cf17da906886d80a077d53b