CVE-2025-15118 MEDIUM

CVE-2025-15118: macrozheng mall Member Endpoint update improper authorization

Vendor Macrozheng

Product mall

Weakness CWE-285

Published December 28, 2025

Last update December 29, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

December 28, 2025 CVE published

December 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15118 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2025-15118

CWE CWE-285

CVSS 5.3 / MEDIUM

Affected versions

Vendor Macrozheng

Product mall

Affected 1.0.0

Vendor Macrozheng

Product mall

Affected 1.0.1

Vendor Macrozheng

Product mall

Affected 1.0.2

Vendor Macrozheng

Product mall

Affected 1.0.3

CVE-2025-15118: macrozheng mall Member Endpoint update improper authorization

01Description

02Disclosure timeline

03References

04Related CVE