CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. The vendor deleted the GitHub issue for this vulnerability without and explanation.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/macrozheng/mall/issues/923	Not Applicable
https://vuldb.com/?ctiid.321507	Permissions Required VDB Entry
https://vuldb.com/?id.321507	Third Party Advisory VDB Entry
https://vuldb.com/?submit.635503	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:macrozheng:mall:*:*:*:*:*:*:*:*

History

26 Nov 2025, 16:36

Type	Values Removed	Values Added
References	~~() https://github.com/macrozheng/mall/issues/923 -~~	() https://github.com/macrozheng/mall/issues/923 - Not Applicable
References	~~() https://vuldb.com/?ctiid.321507 -~~	() https://vuldb.com/?ctiid.321507 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.321507 -~~	() https://vuldb.com/?id.321507 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.635503 -~~	() https://vuldb.com/?submit.635503 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:a:macrozheng:mall::::::::
First Time		Macrozheng Macrozheng mall

29 Aug 2025, 16:24

Type	Values Removed	Values Added
Summary		(es) Se ha detectado una vulnerabilidad en macrozheng mall (hasta la versión 1.0.3). Esta afecta a una función desconocida del componente Registro. Esta manipulación conlleva requisitos de contraseña poco rigurosos. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. El proveedor eliminó la incidencia de GitHub relacionada con esta vulnerabilidad sin proporcionar ninguna explicación.

27 Aug 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-27 06:15

Updated : 2025-11-26 16:36

NVD link : CVE-2025-9514

Mitre link : CVE-2025-9514

CVE.ORG link : CVE-2025-9514

JSON object : View

Products Affected

macrozheng

mall

CWE

CWE-521

Weak Password Requirements

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-9514

3.7^/10

2.6^/10

Attach tags to `CVE-2025-9514`