CVE-2025-13118

6.3 MEDIUM

📋 TL;DR

This vulnerability in macrozheng mall-swarm and mall allows an attacker to bypass authorization by manipulating the orderID parameter of the paySuccess function. A remote attacker can use it to access or modify payment-related data without proper permissions. Systems running affected versions up to and including 1.0.3 are vulnerable.

💻 Affected Systems

Products:
  • macrozheng mall-swarm
  • macrozheng mall
Versions: Up to and including version 1.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /order/paySuccess endpoint; any deployment using vulnerable versions is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could manipulate payment statuses, modify order data, or potentially escalate privileges to access sensitive customer information or administrative functions.

🟠 Likely Case

Unauthorized viewing or modification of order payment statuses, potentially leading to fraudulent order confirmations or payment manipulation.

🟢 If Mitigated

With proper authorization controls and input validation, the vulnerability would be prevented, limiting impact to attempted but unsuccessful attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available; manipulation of the orderID parameter is straightforward once endpoint access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available. Consider upgrading to the latest version if one is available, or implement the workarounds below. Monitor vendor channels for updates.

🔧 Temporary Workarounds

Implement Authorization Check

Platform: all

Add proper authorization validation in the paySuccess function to verify user permissions before processing orderID.

Steps: Modify the source code to include user authentication and authorization checks before orderID processing.

Input Validation and Sanitization

Platform: all

Implement strict input validation for the orderID parameter to prevent unauthorized manipulation.

Steps: Add input validation logic to verify orderID format and ownership before processing.
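An added sketch (not the project's own code) of what the two workarounds above look like together in a Spring controller: the handler validates the parameters, loads the order, checks that it belongs to the authenticated member, and only then records the payment. The parameter spelling orderId, the Order, OrderRepository and CurrentMember types, and the HTTP status choices are assumptions.

```java
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

// Hypothetical collaborators: stand-ins for the deployment's own order service.
interface Order { Long getMemberId(); boolean isAwaitingPayment(); void markPaid(Integer payType); }
interface OrderRepository { Order findById(Long orderId); void save(Order order); }
interface CurrentMember { Long id(); } // returns null when the request is unauthenticated

@RestController
@RequestMapping("/order")
public class PaySuccessController {
    private final OrderRepository orders;
    private final CurrentMember current;

    public PaySuccessController(OrderRepository orders, CurrentMember current) {
        this.orders = orders;
        this.current = current;
    }

    @PostMapping("/paySuccess")
    public ResponseEntity<String> paySuccess(@RequestParam("orderId") Long orderId,
                                             @RequestParam("payType") Integer payType) {
        // Input validation: a primary key must be a positive number.
        if (orderId == null || orderId <= 0 || payType == null) {
            return ResponseEntity.badRequest().body("invalid parameters");
        }
        // Authentication: the caller must be a logged-in member.
        Long memberId = current.id();
        if (memberId == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        // Authorization: the order must belong to the caller. Answering 404 for both
        // "no such order" and "not your order" avoids confirming which ids exist.
        Order order = orders.findById(orderId);
        if (order == null || !memberId.equals(order.getMemberId())) {
            return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
        }
        // State check: only an order still awaiting payment may be marked as paid,
        // so a replayed request cannot re-process an already paid or cancelled order.
        if (!order.isAwaitingPayment()) {
            return ResponseEntity.status(HttpStatus.CONFLICT).body("order not payable");
        }
        order.markPaid(payType);
        orders.save(order);
        return ResponseEntity.ok("ok");
    }
}
```

The ownership comparison is the check the advisory calls for; the input and state checks close the adjacent gaps a manipulated orderID would otherwise reach.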

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block suspicious requests to /order/paySuccess endpoint
  • Restrict network access to the vulnerable endpoint using network segmentation or access control lists

🔍 How to Verify

Check if Vulnerable:

Check the application version; if running macrozheng mall or mall-swarm version 1.0.3 or earlier, the system is vulnerable. Test by attempting unauthorized access to /order/paySuccess with a manipulated orderID.

Check Version:

Check application configuration files or deployment manifests for version information

Verify Fix Applied:

Verify that authorization checks are properly implemented in the paySuccess function and that unauthorized orderID manipulation is rejected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts on /order/paySuccess
  • Unusual orderID parameter values in paySuccess requests
  • Payment status changes from unexpected sources

Network Indicators:

  • Unusual traffic patterns to /order/paySuccess endpoint
  • Requests with manipulated orderID parameters

SIEM Query (pseudo-query; the "unusual parameters" condition is not expressible as written and must be translated into your platform's syntax, e.g. by flagging orderID values that do not belong to the requesting user):

source="application_logs" AND (uri="/order/paySuccess" AND (status="403" OR status="200" with unusual parameters))
