CVE-2025-13246 MEDIUM

CVE-2025-13246: shsuishang ShopSuite ModulithShop JwtAuthenticationFilter.java JwtAuthenticationFilter path traversal

Vendor Shsuishang

Product ShopSuite ModulithShop

Weakness CWE-22 · Path traversal

Published November 16, 2025

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter of the file src/main/java/com/suisung/shopsuite/common/security/JwtAuthenticationFilter.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Key dates

Disclosure timeline

November 16, 2025 CVE published

November 17, 2025 Record updated

Identifiers

CVE CVE-2025-13246

CWE CWE-22

CVSS 5.3 / MEDIUM

Affected versions

Vendor Shsuishang

Product ShopSuite ModulithShop

Affected 45a99398cec3b7ad7ff9383694f0b53339f2d35a