CVE-2025-13114

6.3 MEDIUM

📋 TL;DR

This vulnerability in macrozheng mall-swarm allows attackers to bypass authorization controls through the updateAttr function behind the cart update endpoint (/cart/update/attr). It can be exploited remotely to perform unauthorized actions. Systems running macrozheng mall-swarm versions up to 1.0.3 are affected.

💻 Affected Systems

Products:
  • macrozheng mall-swarm
Versions: up to 1.0.3
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the /cart/update/attr endpoint function updateAttr.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify shopping cart attributes, potentially altering prices, quantities, or other sensitive order data without authorization, leading to financial loss or data integrity issues.

🟠 Likely Case

Unauthorized modification of cart attributes, potentially affecting order processing and customer data integrity.

🟢 If Mitigated

With proper authorization controls and input validation, the vulnerability could not be exploited.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

According to the disclosure, an exploit is publicly available and may be in use. The attack is carried out remotely but likely requires some level of authentication to reach the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: none

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Implement Authorization Checks

Applies to: all

Add proper authorization verification in the updateAttr function to ensure only authorized users can modify cart attributes.
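As an added illustration of this workaround (example code, not code from the mall-swarm project), the hardened handler below resolves the acting member from the authenticated session rather than the request, and refuses to touch a cart item that member does not own; only the name updateAttr and the /cart/update/attr path come from the advisory, every other class, field and value is a constructed assumption.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-in for the service behind POST /cart/update/attr.
public class CartAttrAuthorizationExample {

    // Hypothetical cart item: owning member and the product attribute (SKU) it points to.
    record CartItem(long id, long memberId, long productAttrId) {}

    // Constructed in-memory store standing in for the cart table.
    private final Map<Long, CartItem> cartItems = new HashMap<>();

    CartAttrAuthorizationExample() {
        cartItems.put(101L, new CartItem(101L, 1L, 5001L)); // owned by member 1
        cartItems.put(202L, new CartItem(202L, 2L, 5002L)); // owned by member 2
    }

    // Missing-check shape: trusts the client-supplied id and updates whatever item it names.
    boolean updateAttrUnchecked(long cartItemId, long productAttrId) {
        CartItem item = cartItems.get(cartItemId);
        if (item == null) return false;
        cartItems.put(cartItemId, new CartItem(item.id(), item.memberId(), productAttrId));
        return true;
    }

    // Hardened shape: currentMemberId must come from the session/JWT, never from the request,
    // and the item must belong to that member. "Not found" and "not yours" give the same
    // answer so cart item ids cannot be probed through the response.
    boolean updateAttr(long currentMemberId, long cartItemId, long productAttrId) {
        CartItem item = cartItems.get(cartItemId);
        if (item == null || item.memberId() != currentMemberId) return false;
        cartItems.put(cartItemId, new CartItem(item.id(), item.memberId(), productAttrId));
        return true;
    }

    long attrOf(long cartItemId) { return cartItems.get(cartItemId).productAttrId(); }

    public static void main(String[] args) {
        CartAttrAuthorizationExample svc = new CartAttrAuthorizationExample();
        // Member 1 names member 2's item: the unchecked version silently changes it ...
        svc.updateAttrUnchecked(202L, 9999L);
        System.out.println("unchecked: item 202 attr = " + svc.attrOf(202L));          // 9999
        // ... the hardened version refuses, but still lets member 1 edit their own item.
        System.out.println("hardened, foreign item: " + svc.updateAttr(1L, 202L, 7777L)); // false
        System.out.println("hardened, own item:     " + svc.updateAttr(1L, 101L, 7777L)); // true
        System.out.println("item 202 attr unchanged = " + svc.attrOf(202L));            // 9999
    }
}
```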

Disable Vulnerable Endpoint

Applies to: all

Temporarily disable or restrict access to the /cart/update/attr endpoint until a proper fix is available.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the vulnerable system
  • Deploy web application firewall (WAF) rules to block suspicious requests to the affected endpoint

🔍 How to Verify

Check if Vulnerable:

Check if your system is running macrozheng mall-swarm version 1.0.3 or earlier and has the /cart/update/attr endpoint accessible.

Check Version:

Check application configuration or deployment files for version information

Verify Fix Applied:

Test authorization controls on the updateAttr function to ensure only authorized users can modify cart attributes.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /cart/update/attr
  • Unexpected modifications to cart attributes

Network Indicators:

  • Suspicious POST requests to /cart/update/attr endpoint
  • Unusual traffic patterns to cart functionality

SIEM Query:

source="application_logs" AND (uri="/cart/update/attr" AND status="200" AND user NOT IN authorized_users)
