CVE-2025-8991 MEDIUM

CVE-2025-8991: linlinjava litemall Business Logic express logic error

Vendor Linlinjava

Product litemall

Weakness CWE-840

Published August 15, 2025

Last update August 15, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_freight_min leads to business logic errors. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

August 15, 2025 CVE published

August 15, 2025 Record updated

Identifiers

CVE CVE-2025-8991

CWE CWE-840

CVSS 5.3 / MEDIUM

Affected versions

Vendor Linlinjava

Product litemall

Affected 1.0

Vendor Linlinjava

Product litemall

Affected 1.1

Vendor Linlinjava

Product litemall

Affected 1.2

Vendor Linlinjava

Product litemall

Affected 1.3

Vendor Linlinjava

Product litemall

Affected 1.4

Vendor Linlinjava

Product litemall

Affected 1.5

Vendor Linlinjava

Product litemall

Affected 1.6

Vendor Linlinjava

Product litemall

Affected 1.7

Vendor Linlinjava

Product litemall

Affected 1.8.0