CVE-2025-14016 MEDIUM

CVE-2025-14016: macrozheng mall-swarm delete improper authorization

Vendor Macrozheng
Product mall-swarm
Weakness CWE-285
Published December 4, 2025
Last update December 5, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

December 4, 2025 CVE published
December 5, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization CVE-2026-7292 o2oa NodeAgent NodeAgent.java syncFile improper authorization CVE-2021-24190 WooCommerce Conditional Marketing Mailer < 1.5.2 - Arbitrary Plugin Installation/Activation via Low Privilege User CVE-2024-47876 Sakai: Kernel users created with type roleview can login as a normal user CVE-2026-7093 code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization