CVE-2025-15116

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-15116
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

3.7 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01 Exploit Third Party Advisory
https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01#steps-to-reproduce Exploit Third Party Advisory
https://vuldb.com/?ctiid.338494 Permissions Required VDB Entry
https://vuldb.com/?id.338494 Third Party Advisory VDB Entry
https://vuldb.com/?submit.711745 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*
History

24 Feb 2026, 07:16

Type Values Removed Values Added
Summary (en) A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. (en) A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

09 Jan 2026, 20:05

Type Values Removed Values Added
First Time Opencart
Opencart opencart
CPE cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*
References () https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01 - () https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01 - Exploit, Third Party Advisory
References () https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01#steps-to-reproduce - () https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01#steps-to-reproduce - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.338494 - () https://vuldb.com/?ctiid.338494 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.338494 - () https://vuldb.com/?id.338494 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.711745 - () https://vuldb.com/?submit.711745 - Third Party Advisory, VDB Entry

28 Dec 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-28 03:15

Updated : 2026-02-24 07:16

NVD link : CVE-2025-15116

Mitre link : CVE-2025-15116

CVE.ORG link : CVE-2025-15116

JSON object : View

Products Affected

opencart

  • opencart
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')