CVE-2025-12854 | newbee-mall-plus up to 2.4.1 /seckillExecution/ executeSeckill userid authorization

Inserito da Angelo Barbosa | Nov 7, 2025 | CVE

A vulnerability was found in newbee-mall-plus up to 2.4.1. It has been rated as critical. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass.

This vulnerability is traded as CVE-2025-12854. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-12854 | newbee-mall-plus up to 2.4.1 /seckillExecution/ executeSeckill userid authorization

Post correlati

CVE-2025-43746 | Liferay Portal/DXP cross site scripting

CVE-2024-36773 | Monstra CMS 3.0.4 index.php Themes cross site scripting

CVE-2024-47035 | Google Android virtio_ring.h vring_init out-of-bounds write

CVE-2024-26611 | Linux Kernel up to 6.6.14/6.7.2/6.8-rc1 on ZC xsk bpf_xdp_adjust_tail null pointer dereference (82ee4781b820/5cd781f7216f/c5114710c8ce)