CVE-2025-14016

5.4 MEDIUM

📋 TL;DR

This vulnerability in macrozheng mall-swarm allows unauthorized deletion of user read history records: the delete function does not verify that the caller is authorized to remove the records it is asked to delete. Attackers can exploit this remotely to delete data without proper permissions. All users running affected versions are impacted.

💻 Affected Systems

Products:
  • macrozheng mall-swarm
Versions: up to 1.0.3
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /member/readHistory/delete endpoint specifically.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious actors could delete all user read history data, causing data loss and potential service disruption.

🟠 Likely Case

Targeted deletion of specific user history records, potentially affecting user experience and data integrity.

🟢 If Mitigated

Minimal impact with proper authorization controls and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly disclosed. The flaw is triggered through the 'ids' parameter of the delete request: the ids it names are deleted without being checked against the requesting user's permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Implement Authorization Check (platform: all)

Add proper authorization validation before processing delete requests: modify the source code so that the requesting user's permission to delete each record named in 'ids' is validated before the delete operation executes.
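The following is an added example of the workaround above, written for this page; it is not mall-swarm's own code. It shows a Spring MVC delete handler in which deletion is scoped to the authenticated member: ids that name another member's records are dropped from the batch and counted instead of deleted. The class and interface names (MemberReadHistory, MemberReadHistoryRepository, CurrentMemberResolver, DeleteOutcome) and the request mapping details are assumptions for illustration, not the project's identifiers.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// Assumed record shape: each read-history entry carries the id of the member
// who owns it. Ownership is what the delete handler has to check.
class MemberReadHistory {
    private final String id;
    private final Long memberId;

    MemberReadHistory(String id, Long memberId) {
        this.id = id;
        this.memberId = memberId;
    }

    String getId() { return id; }
    Long getMemberId() { return memberId; }
}

// Assumed persistence contract; a Spring Data repository offers equivalents.
interface MemberReadHistoryRepository {
    List<MemberReadHistory> findAllById(Iterable<String> ids);
    void deleteAll(Iterable<? extends MemberReadHistory> records);
}

// Assumed identity source. The member id must come from the authenticated
// principal (session or token), never from a parameter the client controls.
interface CurrentMemberResolver {
    Long currentMemberId();
}

// Result of a delete call: records removed, and requested ids refused because
// they belong to another member. A non-zero refused count is worth logging,
// since it is exactly the activity the monitoring section asks to watch for.
class DeleteOutcome {
    private final int deleted;
    private final int refused;

    DeleteOutcome(int deleted, int refused) {
        this.deleted = deleted;
        this.refused = refused;
    }

    public int getDeleted() { return deleted; }
    public int getRefused() { return refused; }
}

@RestController
@RequestMapping("/member/readHistory")
public class MemberReadHistoryController {
    private final MemberReadHistoryRepository repository;
    private final CurrentMemberResolver resolver;

    public MemberReadHistoryController(MemberReadHistoryRepository repository,
                                       CurrentMemberResolver resolver) {
        this.repository = repository;
        this.resolver = resolver;
    }

    // Shape of the flaw the advisory describes: every id in 'ids' is deleted
    // without asking who owns the record. Kept here only for comparison.
    DeleteOutcome deleteUnchecked(List<String> ids) {
        List<MemberReadHistory> found = repository.findAllById(ids);
        repository.deleteAll(found);
        return new DeleteOutcome(found.size(), 0);
    }

    // Hardened handler: resolve the caller first, then delete only records whose
    // memberId matches. The HTTP method is left to match the deployment's
    // existing route for this path.
    @RequestMapping("/delete")
    public DeleteOutcome delete(@RequestParam("ids") List<String> ids) {
        Long memberId = resolver.currentMemberId();
        if (memberId == null) {
            throw new IllegalStateException("delete requires an authenticated member");
        }
        List<MemberReadHistory> owned = new ArrayList<>();
        int refused = 0;
        for (MemberReadHistory entry : repository.findAllById(ids)) {
            if (Objects.equals(entry.getMemberId(), memberId)) {
                owned.add(entry);
            } else {
                refused++;
            }
        }
        repository.deleteAll(owned);
        return new DeleteOutcome(owned.size(), refused);
    }
}
```

The design point is that the check is made against the stored owner of each record, not against anything in the request: the 'ids' parameter stays untrusted, and a caller who is not authenticated at all is rejected before any lookup happens. Emitting the refused count to the application log gives the SIEM a direct signal for the "unusual patterns of read history deletions" indicator.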

Restrict Access to Endpoint (platform: linux)

Apply network-level restrictions to limit access to the vulnerable endpoint:

iptables -A INPUT -p tcp --dport [PORT] -m string --string "/member/readHistory/delete" --algo bm -j DROP

Replace [PORT] with the port the application listens on. This rule needs the iptables string-match extension and only inspects plaintext HTTP; it does not see request paths inside TLS connections or paths split across packet boundaries, so it is a stopgap rather than a substitute for the authorization check.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block unauthorized delete requests
  • Monitor and alert on suspicious delete operations from the affected endpoint

🔍 How to Verify

Check if Vulnerable:

Check whether the deployment runs macrozheng mall-swarm version 1.0.3 or earlier, and test whether unauthorized delete requests to /member/readHistory/delete succeed.

Check Version:

Check application configuration files or deployment manifests for version information

Verify Fix Applied:

Test that proper authorization checks are in place and unauthorized delete requests are rejected

📡 Detection & Monitoring

Log Indicators:

  • Multiple DELETE requests to /member/readHistory/delete from unauthorized users
  • Unusual patterns of read history deletions

Network Indicators:

  • HTTP DELETE requests to vulnerable endpoint with manipulated ids parameter

SIEM Query:

source="web_logs" AND uri="/member/readHistory/delete" AND method="DELETE" AND NOT user IN authorized_users
