CVE-2025-2089 | StarSea99 starsea-mall 1.0/2.X com.siro.mall.controller.mall.UserController /personal/updateInfo updateUserInfo userId access control

Inserito da Angelo Barbosa | Mar 7, 2025 | CVE

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls.

This vulnerability is known as CVE-2025-2089. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-2089 | StarSea99 starsea-mall 1.0/2.X com.siro.mall.controller.mall.UserController /personal/updateInfo updateUserInfo userId access control

Post correlati

CVE-2024-22023 | Ivanti Connect Secure/Policy Secure SAML resource consumption

CVE-2024-8900 | Mozilla Firefox up to 128 Clipboard

CVE-2025-0635 | M-Files Server up to 24.11 allocation of resources

CVE-2024-6355 | Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12 /status/product_info/ product_info cross site scripting