CVE-2025-13116

5.4 MEDIUM

📋 TL;DR

This is an improper-authorization vulnerability in the macrozheng mall-swarm and mall applications up to and including version 1.0.3. An authenticated attacker can manipulate the orderId parameter of the cancelUserOrder function to cancel orders that belong to other users. The vulnerability is remotely exploitable and affects systems running these e-commerce platforms.

💻 Affected Systems

Products:
  • macrozheng mall-swarm
  • macrozheng mall
Versions: Up to and including 1.0.3
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of these e-commerce platforms within the vulnerable version range.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could cancel arbitrary user orders, causing financial loss, service disruption, and data integrity issues across the entire e-commerce platform.

🟠 Likely Case: Targeted cancellation of specific user orders leading to customer complaints, refund processing issues, and operational disruption.

🟢 If Mitigated: Unauthorized access attempts are logged and blocked, with minimal impact due to proper authorization controls and monitoring.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available; exploitation requires authenticated access but bypasses the authorization check.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch is available. Upgrade to a version later than 1.0.3 once one is available, or apply the workarounds below.

🔧 Temporary Workarounds

Input Validation and Authorization Check (Platform: all)

Add server-side validation to ensure users can only cancel their own orders by verifying order ownership before processing the cancellation.

Implement proper authorization checks in the cancelUserOrder function.
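As an added illustration of this workaround (not code from the mall project), a minimal Java stand-in for the handler that puts the unchecked pattern beside an ownership-checked cancelUserOrder. The Order record, the in-memory map and the method names are assumed for the example; in a real deployment the member id would come from the authenticated session.

```java
import java.util.HashMap;
import java.util.Map;

// Added example: in-memory stand-in for an order store (hypothetical, not mall's code).
public class CancelOrderAuthz {
    record Order(long id, long memberId, boolean cancelled) {}

    private final Map<Long, Order> orders = new HashMap<>();

    CancelOrderAuthz() {
        // Constructed sample data: order 1001 belongs to member 1, order 1002 to member 2.
        orders.put(1001L, new Order(1001L, 1L, false));
        orders.put(1002L, new Order(1002L, 2L, false));
    }

    // Vulnerable shape (the CVE-2025-13116 pattern): the orderId from the request is
    // trusted as-is, so any authenticated member can cancel any member's order.
    boolean cancelUserOrderUnchecked(long orderId) {
        Order o = orders.get(orderId);
        if (o == null) return false;
        orders.put(orderId, new Order(o.id(), o.memberId(), true));
        return true;
    }

    // Hardened: the member id comes from the authenticated session, never from the
    // request body, and the order must belong to that member before it is touched.
    // Ownership failures are answered exactly like "not found" so the endpoint does
    // not reveal which orderIds exist; the denial is logged for the detection below.
    boolean cancelUserOrder(long authenticatedMemberId, long orderId) {
        Order o = orders.get(orderId);
        if (o == null || o.memberId() != authenticatedMemberId) {
            System.out.println("authz denied: member=" + authenticatedMemberId
                    + " orderId=" + orderId);
            return false;
        }
        orders.put(orderId, new Order(o.id(), o.memberId(), true));
        return true;
    }

    public static void main(String[] args) {
        CancelOrderAuthz svc = new CancelOrderAuthz();
        // Member 2 attempting to cancel member 1's order: the unchecked path
        // succeeds, the hardened path refuses; member 1 cancelling their own succeeds.
        System.out.println("unchecked: " + svc.cancelUserOrderUnchecked(1001L));
        System.out.println("other member, checked: " + svc.cancelUserOrder(2L, 1002L));
        System.out.println("owner, checked: " + svc.cancelUserOrder(2L, 1002L));
    }
}
```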

Web Application Firewall Rule (Platform: all)

Block suspicious order cancellation requests with unusual orderId patterns or from unexpected sources.

Configure the WAF to monitor the /order/cancelUserOrder endpoint.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the order management interface
  • Enable detailed logging and monitoring of all order cancellation attempts

🔍 How to Verify

Check if Vulnerable:

Check the application version in the configuration files or via the version endpoint. If the version is 1.0.3 or earlier, the system is vulnerable.

Check Version:

Check pom.xml for the version tag, or application.properties for version information.

Verify Fix Applied:

Test order cancellation with different user accounts to ensure users can only cancel their own orders.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts on /order/cancelUserOrder
  • Order cancellations from unusual IP addresses or user accounts

Network Indicators:

  • Unusual patterns of POST requests to /order/cancelUserOrder with varying orderId parameters

SIEM Query:

source="application.log" AND "cancelUserOrder" AND ("401" OR "403" OR "orderId")
