CVE-2025-13115

4.3 MEDIUM

📋 TL;DR

An improper authorization (insecure direct object reference) flaw in the order details handler of macrozheng mall-swarm and mall. The /order/detail/ endpoint loads an order from the orderId supplied by the client without checking that the order belongs to the requesting user, so an authenticated user who changes the orderId can read other customers' orders. All deployments running affected versions (up to and including 1.0.3) are exposed.

💻 Affected Systems

Products:
  • macrozheng mall-swarm
  • macrozheng mall
Versions: Up to and including 1.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /order/detail/ endpoint (the order details handler). Every deployment of an affected version is exposed; the behaviour does not depend on configuration.

📦 What is this software?

mall is an open-source e-commerce system written in Java on Spring Boot and MyBatis, with a customer-facing storefront (where order details are viewed) and an administration backend. mall-swarm is the Spring Cloud microservice edition of the same project, sharing the storefront code and therefore the same order details handler.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker harvests order records in bulk: customer names, delivery addresses and phone numbers, payment details recorded on the order, and purchase history. If orderIds are sequential (as numeric primary keys usually are), iterating them exposes the shop's entire order table, a data breach covering every customer.

🟠 Likely Case

An authenticated user views individual orders belonging to other customers, exposing their personal and order data one record at a time.

🟢 If Mitigated

With an ownership check in the handler, a request for another customer's orderId is refused and the only remaining exposure is the user's own orders.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No (a logged-in account on the application is required)
Complexity: LOW

A proof of concept is public. Exploitation is a single authenticated GET to /order/detail/ with someone else's orderId; no special tooling is needed. The attack is remote over the network, but the attacker needs a logged-in account; on a public storefront that allows self-registration this is not a real barrier.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is listed. Check the upstream repository for a release later than 1.0.3 and confirm that it actually adds an ownership check to the order details handler before relying on it; otherwise apply the workarounds below.

🔧 Temporary Workarounds

Implement Authorization Check (platform: all)

Add an ownership check to the order details handler: after loading the order by orderId, confirm that it belongs to the currently authenticated user (for example by comparing the order's member/owner id with the caller's id) and return a not-found or forbidden response otherwise. Returning the same response for "does not exist" and "not yours" avoids confirming which orderIds are valid.

This is a source change; the check must run before the orderId is used to return any data.

Input Validation (platform: all)

Validate the orderId as a positive integer of the expected form before using it. Format validation alone does not fix the issue: a well-formed orderId that belongs to another customer is exactly the attack, so validation complements the ownership check rather than replacing it.
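The two workarounds above combine into one change in the handler. The following is an added example written for this page, not the project's own code: the real handler is a Spring MVC controller backed by a MyBatis mapper, which are replaced here by plain Java interfaces (OrderRepository, CurrentMember, OmsOrder and the field names are assumptions for the demo) so the class compiles and runs stand-alone. It shows the vulnerable lookup-by-primary-key next to a hardened version that validates the identifier and refuses orders owned by another member.

```java
// Added illustrative example (not macrozheng's code). Models the pattern behind
// CVE-2025-13115: a GET /order/detail/{orderId} handler that loads an order by
// primary key and returns it without checking that it belongs to the caller.
// OrderRepository, CurrentMember and OmsOrder are names assumed for this demo.
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class OrderDetailAuthz {

    /** Minimal stand-in for the persisted order row. */
    record OmsOrder(long id, long memberId, String orderSn, String payAmount) {}

    /** Stand-in for the authenticated member resolved from the session or token. */
    record CurrentMember(long id) {}

    /** Stand-in for the MyBatis mapper / repository. */
    interface OrderRepository {
        Optional<OmsOrder> findById(long orderId);
    }

    /** Thrown for an unauthorized or non-existent order; would map to HTTP 404. */
    static class OrderNotFoundException extends RuntimeException {
        OrderNotFoundException(long orderId) { super("order not found: " + orderId); }
    }

    private final OrderRepository repo;

    OrderDetailAuthz(OrderRepository repo) { this.repo = repo; }

    /**
     * VULNERABLE shape: the only input is the path variable and the lookup is by
     * primary key, so any authenticated member can read any order (IDOR).
     */
    OmsOrder detailVulnerable(long orderId) {
        return repo.findById(orderId).orElseThrow(() -> new OrderNotFoundException(orderId));
    }

    /**
     * HARDENED shape: the handler receives the authenticated member, validates the
     * identifier, and refuses orders owned by someone else. "Does not exist" and
     * "not yours" raise the same exception so the response does not reveal which
     * orderIds are valid.
     */
    OmsOrder detail(CurrentMember me, long orderId) {
        if (me == null) {
            throw new IllegalStateException("no authenticated member");
        }
        if (orderId <= 0) {                      // input validation on the identifier
            throw new IllegalArgumentException("orderId must be a positive integer");
        }
        OmsOrder order = repo.findById(orderId)
                .orElseThrow(() -> new OrderNotFoundException(orderId));
        if (order.memberId() != me.id()) {       // the ownership check that was missing
            throw new OrderNotFoundException(orderId);
        }
        return order;
    }

    public static void main(String[] args) {
        // Constructed in-memory order table for a stand-alone run.
        Map<Long, OmsOrder> table = new HashMap<>();
        table.put(1001L, new OmsOrder(1001L, 7L, "SN-1001", "199.00"));  // owned by member 7
        table.put(1002L, new OmsOrder(1002L, 8L, "SN-1002", "59.00"));   // owned by member 8
        OrderRepository repo = id -> Optional.ofNullable(table.get(id));
        OrderDetailAuthz svc = new OrderDetailAuthz(repo);
        CurrentMember alice = new CurrentMember(7L);

        // Vulnerable path: alice reads member 8's order simply by supplying its id.
        System.out.println("vulnerable handler returned: " + svc.detailVulnerable(1002L).orderSn());

        // Hardened path: alice's own order is returned, member 8's order is refused.
        System.out.println("hardened handler returned : " + svc.detail(alice, 1001L).orderSn());
        try {
            svc.detail(alice, 1002L);
        } catch (OrderNotFoundException e) {
            System.out.println("hardened handler refused  : " + e.getMessage());
        }
    }
}
```

Compile and run with `javac OrderDetailAuthz.java && java OrderDetailAuthz` (Java 17 or later, for records). An equally good and harder-to-forget fix is to push the check into the data layer, querying with both conditions (WHERE id = ? AND member_id = ?) so that no caller can load an order outside the current member's scope, whatever new endpoint is added later.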

🧯 If You Can't Patch

  • Add WAF or reverse-proxy rules that rate-limit requests to /order/detail/ per session or source IP and alert when one client requests many distinct orderIds. Note the limitation: the WAF does not know which orders belong to which user, so it can slow enumeration but cannot block a single targeted request for a specific order.
  • Restrict network access to the application (VPN, IP allow-lists) so only trusted users can reach it. This reduces who can attack but does not remove the flaw: any user who can reach the application can still read other users' orders.

🔍 How to Verify

Check if Vulnerable:

Use two test accounts. Log in as account A, place or locate an order and note its orderId. Log in as account B and request /order/detail/ with A's orderId. If the response contains A's order data, the instance is vulnerable; a fixed instance returns a not-found or forbidden response.

Check Version:

Compare the deployed version against 1.0.3: the project version in the build descriptor (pom.xml for a Maven build), the tag of the deployed image or artifact, or the version shown in the application interface if it exposes one.

Verify Fix Applied:

Repeat the two-account test above and confirm the cross-account request is refused. Also confirm that the refusal for another user's orderId is identical to the refusal for a non-existent orderId, so the endpoint does not confirm which ids exist.

📡 Detection & Monitoring

Log Indicators:

  • Once the ownership check is deployed: repeated 403/404 responses on /order/detail/ for one session or source IP. Before the fix there are no failed authorization attempts to log, because the check does not exist, so this indicator only works after remediation.
  • One session or member requesting many distinct orderIds, especially consecutive ones, or orderIds whose owner (joined from the order table) is not the requesting member.

Network Indicators:

  • Bursts of requests to /order/detail/ from one client with a changing orderId, often in a tight loop and without the surrounding storefront browsing (product pages, cart) a real customer produces.

SIEM Query:

Splunk-style sketch; field names depend on your log parser and the thresholds are starting points to tune:

index=web uri_path="/order/detail/*"
| rex field=uri_path "/order/detail/(?<orderId>\d+)"
| stats dc(orderId) AS distinct_orders, count(eval(status>=400)) AS denied BY user, src_ip
| where distinct_orders > 20 OR denied > 10
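To make the log indicators above concrete, here is an added detection example written for this page (not from the original page or from the mall project). It runs over a few constructed access-log lines in an assumed layout of timestamp, client IP, member id (or "-" when anonymous), method, path and status; the regex, the field positions and the thresholds are assumptions to adapt to your own proxy or application log format. It flags clients that request many distinct orderIds, that walk consecutive ids, or that accumulate denied responses once the fix is live.

```java
// Added detection example (not the page's or the project's code). Flags clients
// that enumerate /order/detail/<id> in access logs. The log layout below is an
// assumption: "<timestamp> <client-ip> <member-id-or-dash> GET /order/detail/<id> <status>".
import java.util.*;
import java.util.regex.*;

public class OrderDetailEnumDetector {

    /** One parsed request to the order-detail endpoint. */
    record Hit(String client, long orderId, int status) {}

    private static final Pattern LINE =
        Pattern.compile("^\\S+ (\\S+) (\\S+) GET /order/detail/(\\d+) (\\d{3})(?:\\s|$)");

    /** Keeps only order-detail requests; keys each hit on the member id, or the IP when anonymous. */
    static List<Hit> parse(List<String> lines) {
        List<Hit> hits = new ArrayList<>();
        for (String line : lines) {
            Matcher m = LINE.matcher(line);
            if (!m.find()) continue;                       // unrelated endpoints are ignored
            String client = m.group(2).equals("-") ? "ip:" + m.group(1) : "member:" + m.group(2);
            hits.add(new Hit(client, Long.parseLong(m.group(3)), Integer.parseInt(m.group(4))));
        }
        return hits;
    }

    /**
     * One finding per suspicious client. A client is suspicious when it touched more
     * than maxDistinct different orderIds, when its ids contain a run of at least
     * minRun consecutive values (classic enumeration), or when it drew more than
     * maxDenied 403/404 responses (only meaningful after the ownership fix is live).
     */
    static Map<String, String> findings(List<Hit> hits, int maxDistinct, int minRun, int maxDenied) {
        Map<String, TreeSet<Long>> idsByClient = new HashMap<>();
        Map<String, Integer> deniedByClient = new HashMap<>();
        for (Hit h : hits) {
            idsByClient.computeIfAbsent(h.client(), k -> new TreeSet<>()).add(h.orderId());
            if (h.status() == 403 || h.status() == 404) {
                deniedByClient.merge(h.client(), 1, Integer::sum);
            }
        }
        Map<String, String> out = new TreeMap<>();
        for (Map.Entry<String, TreeSet<Long>> e : idsByClient.entrySet()) {
            List<String> reasons = new ArrayList<>();
            TreeSet<Long> ids = e.getValue();
            if (ids.size() > maxDistinct) reasons.add(ids.size() + " distinct orderIds");
            int run = longestConsecutiveRun(ids);
            if (run >= minRun) reasons.add("sequential run of " + run + " ids");
            int denied = deniedByClient.getOrDefault(e.getKey(), 0);
            if (denied > maxDenied) reasons.add(denied + " denied responses");
            if (!reasons.isEmpty()) out.put(e.getKey(), String.join("; ", reasons));
        }
        return out;
    }

    /** Length of the longest run of consecutive integers in an ascending set. */
    static int longestConsecutiveRun(TreeSet<Long> ids) {
        int best = 0, cur = 0;
        Long prev = null;
        for (long id : ids) {
            cur = (prev != null && id == prev + 1) ? cur + 1 : 1;
            best = Math.max(best, cur);
            prev = id;
        }
        return best;
    }

    public static void main(String[] args) {
        // Constructed sample log: member 7 browses normally; member 9 walks ids 2000-2005
        // (exceeding the distinct and sequential thresholds); an anonymous IP probes two
        // ids and is refused both times (exceeding the denied threshold).
        List<String> log = List.of(
            "2025-11-14T10:00:01Z 198.51.100.4 7 GET /order/detail/1001 200",
            "2025-11-14T10:00:03Z 198.51.100.4 7 GET /cart/list 200",
            "2025-11-14T10:01:00Z 203.0.113.9 9 GET /order/detail/2000 200",
            "2025-11-14T10:01:01Z 203.0.113.9 9 GET /order/detail/2001 200",
            "2025-11-14T10:01:01Z 203.0.113.9 9 GET /order/detail/2002 200",
            "2025-11-14T10:01:02Z 203.0.113.9 9 GET /order/detail/2003 200",
            "2025-11-14T10:01:02Z 203.0.113.9 9 GET /order/detail/2004 200",
            "2025-11-14T10:02:30Z 203.0.113.9 9 GET /order/detail/2005 404",
            "2025-11-14T10:03:00Z 192.0.2.77 - GET /order/detail/15 404",
            "2025-11-14T10:03:00Z 192.0.2.77 - GET /order/detail/99 404");
        Map<String, String> result = findings(parse(log), 3, 4, 1);
        result.forEach((client, why) -> System.out.println(client + " -> " + why));
    }
}
```

Run with `javac OrderDetailEnumDetector.java && java OrderDetailEnumDetector` (Java 17 or later). In production the same three counters are what the SIEM query above computes; keying on the member id rather than the IP matters because an attacker behind a shared NAT looks like many users, while a single account walking ids is unambiguous.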
