CVE-2025-13117

5.4 MEDIUM

📋 TL;DR

This vulnerability allows attackers to cancel orders without proper authorization in the macrozheng mall-swarm and mall applications. It can be exploited remotely by manipulating the orderId parameter passed to the cancelOrder function. All users running affected versions are exposed to unauthorized order cancellations.

💻 Affected Systems

Products:
  • macrozheng mall-swarm
  • macrozheng mall
Versions: Up to and including version 1.0.3
Operating Systems: Any OS running the affected applications
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /order/cancelOrder endpoint; the attack consists of manipulating the orderId parameter.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Mass unauthorized order cancellations leading to financial loss, customer dissatisfaction, and potential business disruption.

🟠 Likely Case

Targeted unauthorized order cancellations affecting specific customers or orders, causing customer service issues and potential refund processing problems.

🟢 If Mitigated

Minimal impact with proper authentication and authorization controls in place, limited to attempted attacks that are logged and blocked.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and the exploit has been publicly disclosed.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but external remote exploitation poses greater risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit has been publicly disclosed and requires authentication but bypasses authorization checks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Implement Authorization Check

Platform: all

Add proper authorization validation to the cancelOrder function so that it verifies the requesting user has permission to cancel the specific order.

Modify the source code to add user permission checks before processing the order cancellation.

Web Application Firewall Rule

Platform: all

Block suspicious order cancellation requests or implement rate limiting.

Configure the WAF to monitor and block unusual request patterns against /order/cancelOrder.
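The ownership check described in the first workaround, shown as an added example beside the vulnerable shape it replaces. This is not mall's own code: the class, method and field names (OrderCancellation, cancelOrderUnsafe, cancelOrder, memberId) and the sample orders are assumptions constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added example, not mall's own code: all names below are assumed.
class OrderCancellation {
    // Minimal order record: id, owning member, status (constructed sample data).
    static final class Order {
        final long id; final long memberId; String status;
        Order(long id, long memberId, String status) { this.id = id; this.memberId = memberId; this.status = status; }
    }

    private final Map<Long, Order> orders = new HashMap<>();

    OrderCancellation() {
        orders.put(1001L, new Order(1001L, 7L, "UNPAID"));   // belongs to member 7
        orders.put(1002L, new Order(1002L, 8L, "UNPAID"));   // belongs to member 8
    }

    // Vulnerable shape: the caller-supplied orderId is the only input, so any
    // authenticated member can cancel any order simply by changing the id.
    boolean cancelOrderUnsafe(long orderId) {
        Order o = orders.get(orderId);
        if (o == null) return false;
        o.status = "CLOSED";
        return true;
    }

    // Hardened shape: the member id comes from the authenticated session, never from
    // the request, and the lookup is scoped to that member (the SQL equivalent is
    // "WHERE id = ? AND member_id = ?"). An order that exists but belongs to someone
    // else is treated exactly like one that does not exist, so the response does not
    // reveal which order ids are valid.
    boolean cancelOrder(long orderId, long currentMemberId) {
        Optional<Order> owned = Optional.ofNullable(orders.get(orderId))
                .filter(o -> o.memberId == currentMemberId);
        if (owned.isEmpty()) {
            // Emit a log line for the "failed authorization on /order/cancelOrder" indicator.
            System.out.printf("DENY cancelOrder orderId=%d member=%d%n", orderId, currentMemberId);
            return false;
        }
        owned.get().status = "CLOSED";
        return true;
    }

    public static void main(String[] args) {
        OrderCancellation svc = new OrderCancellation();
        System.out.println(svc.cancelOrderUnsafe(1002L)); // true: the member is never checked
        System.out.println(svc.cancelOrder(1001L, 8L));   // false: member 8 does not own 1001
        System.out.println(svc.cancelOrder(1001L, 7L));   // true: the owner cancels their own order
    }
}
```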

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the vulnerable endpoint
  • Enable detailed logging and monitoring for all order cancellation attempts

🔍 How to Verify

Check if Vulnerable:

Test whether a user can cancel an order they do not own by supplying another user's orderId to the /order/cancelOrder endpoint.

Check Version:

Check application version in pom.xml or application.properties files

Verify Fix Applied:

Verify that proper authorization checks are in place and only authorized users can cancel their own orders

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts on /order/cancelOrder
  • Order cancellations from unusual IP addresses or user accounts
  • Rapid sequence of order cancellation requests

Network Indicators:

  • Unusual patterns of POST requests to /order/cancelOrder endpoint
  • Order cancellation requests with manipulated orderId parameters

SIEM Query:

source="application.logs" AND (uri="/order/cancelOrder" AND (response_code=200 OR response_code=403) AND user_id!=order_owner_id)
