CVE-2025-4136 MEDIUM

CVE-2025-4136: Weitong Mall Sale Endpoint improper authorization

Vendor Weitong

Product Mall

Weakness CWE-285

Published April 30, 2025

Last update May 1, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

April 30, 2025 CVE published

May 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4136

Related vulnerabilities

04Related CVE

CVE-2023-6538 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. CVE-2022-33722 CVE-2025-2639 JIZHICMS Article release.html improper authorization CVE-2020-5231 Opencast users with ROLE_COURSE_ADMIN can create new users CVE-2024-11860 SourceCodester Best House Rental Management System POST Request ajax.php improper authorization