CVE-2025-10216 | GrandNode up to 2.3.0 Voucher /checkout/ConfirmOrder/ giftvouchercouponcode race condition

Inserito da Angelo Barbosa | Set 10, 2025 | CVE

A vulnerability classified as problematic was found in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition.

This vulnerability is cataloged as CVE-2025-10216. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10216 | GrandNode up to 2.3.0 Voucher /checkout/ConfirmOrder/ giftvouchercouponcode race condition

Post correlati

CVE-2024-1778 | Admin Side Data Storage for Contact Form 7 Plugin up to 1.1.1 on WordPress Bookmark Status authorization

CVE-2025-2928 | Genetec Security Center Archiver sql injection

CVE-2024-34671 | Samsung Internet up to 26.0.3.0 Translation implicit intent

CVE-2024-48747 | alist-tvbox 1.7.1 /atv-cli Privilege Escalation