Vulnerability Description
A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macrozheng | Mall-Swarm | <= 1.0.3 |
Related Weaknesses (CWE)
References
- https://github.com/Hwwg/cve/issues/17ExploitThird Party AdvisoryIssue Tracking
- https://vuldb.com/?ctiid.334257Permissions RequiredVDB Entry
- https://vuldb.com/?id.334257Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.694797Third Party AdvisoryVDB Entry
- https://github.com/Hwwg/cve/issues/17ExploitThird Party AdvisoryIssue Tracking
FAQ
What is CVE-2025-14016?
CVE-2025-14016 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to ...
How severe is CVE-2025-14016?
CVE-2025-14016 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14016?
Check the references section above for vendor advisories and patch information. Affected products include: Macrozheng Mall-Swarm.