CVE-2025-13115 MEDIUM

CVE-2025-13115: macrozheng mall-swarm/mall Order Details detail improper authorization

Vendor Macrozheng
Product mall-swarm
Weakness CWE-285
Published November 13, 2025
Last update November 15, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

November 13, 2025 CVE published
November 15, 2025 Record updated