CVE-2025-13443 MEDIUM

CVE-2025-13443: macrozheng mall delete access control

Vendor Macrozheng
Product mall
Weakness CWE-284
Published November 20, 2025
Last update November 20, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A vulnerability was detected in macrozheng mall up to 1.0.3. It affects the function delete of the file /member/readHistory/delete. Manipulating the argument ids results in improper access controls. The attack can be carried out remotely. The exploit is now public and may be used.

Key dates

02 Disclosure timeline

November 20, 2025 CVE published
November 20, 2025 Record updated