Login Sign Up

CVE-2025-4118

5.3 MEDIUM
Authentication Bypass

📋 TL;DR

This vulnerability in Weitong Mall 1.0.0 allows remote attackers to bypass access controls by manipulating the 'isDelete' parameter in the /historyList endpoint. Attackers can potentially delete or modify product history data without proper authorization. All users running Weitong Mall 1.0.0 are affected.

💻 Affected Systems

Products:
  • Weitong Mall
Versions: 1.0.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Product History Handler component specifically. All installations of version 1.0.0 appear vulnerable.

📦 What is this software?

Mall by Weitong

View all CVEs affecting Mall →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could delete or tamper with critical product history data, causing data loss, business disruption, or inventory management issues.

🟠

Likely Case

Unauthorized deletion or modification of product history records, potentially affecting audit trails and business operations.

🟢

If Mitigated

Limited impact with proper access controls, logging, and monitoring in place to detect unauthorized access attempts.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing e-commerce systems.
🏢 Internal Only: MEDIUM - Internal systems could still be targeted by insider threats or compromised internal accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly disclosed. Attack requires some level of access but not necessarily full authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider upgrading if newer versions exist, or implement workarounds.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side validation to reject unexpected 'isDelete' parameter values

Modify /historyList endpoint code to validate 'isDelete' parameter

Access Control Enhancement

all

Implement proper authorization checks before processing product history operations

Add role-based access control checks to Product History Handler

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block suspicious requests to /historyList endpoint
  • Restrict network access to Weitong Mall administration interfaces using network segmentation

🔍 How to Verify

Check if Vulnerable:

Test if unauthorized requests to /historyList with isDelete=1 can modify product history

Check Version:

Check Weitong Mall version in admin panel or configuration files

Verify Fix Applied:

Verify that unauthorized requests to /historyList with isDelete=1 are properly rejected

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts on /historyList
  • Unexpected product history deletions or modifications

Network Indicators:

  • HTTP requests to /historyList with isDelete=1 from unauthorized sources

SIEM Query:

sourceIP:* AND uri:"/historyList" AND parameters:"isDelete=1" AND NOT userRole:"admin"

📊 Metadata

CVE ID: CVE-2025-4118
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-266
EPSS Score: 0.06% exploit probability (17.3th percentile)
Published: April 30, 2025
Last Updated: May 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4118, you might also want to check these:

CVE-2026-23800 10.0

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress...

Same vulnerability type (CWE-266)
CVE-2026-23550 10.0

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect p...

Same vulnerability type (CWE-266)
CVE-2025-41115 10.0

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision u...

Same vulnerability type (CWE-266)