CVE-2025-59413 — MEDIUM (6.5)

Q: How severe is CVE-2025-59413?

CVE-2025-59413 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59413?

Check the references section above for vendor advisories and patch information. Affected products include: Cubecart Cubecart.

Vulnerability Description

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Cubecart	Cubecart	< 6.5.11

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2025-59413?

CVE-2025-59413 is a vulnerability with a CVSS score of 6.5 (MEDIUM). CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. ...

How severe is CVE-2025-59413?

CVE-2025-59413 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59413?

Check the references section above for vendor advisories and patch information. Affected products include: Cubecart Cubecart.