CVE-2025-10422 | newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7 Order Status /paySuccess orderNo improper authorization (Issue 100)

A vulnerability was found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. It has been rated as critical. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization.

This vulnerability is referenced as CVE-2025-10422. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

CVE-2025-10422 | newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7 Order Status /paySuccess orderNo improper authorization (Issue 100)

Post correlati

CVE-2025-25331 | Beitatong LianJia 9.83.50 on iOS Link information disclosure

CVE-2024-43683 | Microchip TimeProvider 4100 up to 2.4.6 HTTP Header redirect

CVE-2024-9855 | 07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8 Module Plug-In sysmodule_1 uploadFile file unrestricted upload

CVE-2024-1722 | Keycloak Account Lockout denial of service