CVE-2025-13114 MEDIUM

CVE-2025-13114: macrozheng mall-swarm attr updateAttr improper authorization

Vendor Macrozheng
Product mall-swarm
Weakness CWE-285
Published November 13, 2025
Last update November 13, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

November 13, 2025 CVE published
November 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments CVE-2025-10736 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation CVE-2026-10236 SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization CVE-2021-32523 QSAN Storage Manager - Improper Authorization