CVE-2025-13116 | macrozheng mall-swarm up to 1.0.3 /order/cancelUserOrder orderId improper authorization
A vulnerability classified as critical was found in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Manipulating the argument orderId can lead to improper authorization.
This vulnerability is registered as CVE-2025-13116. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
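The advisory does not say which check is missing. As an added example (not code from mall-swarm or from the advisory), the sketch below assumes the common form of this weakness, in which the handler acts on the client-supplied orderId without binding it to the authenticated member, and shows that form beside a corrected one. Every class, method, field and status value here is hypothetical and the sample orders are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: all names are hypothetical, not taken from mall-swarm.
public class CancelOrderAuthz {
    // Constructed status codes: 0 = awaiting payment, 4 = closed.
    record Order(long id, long memberId, int status) {}

    static final Map<Long, Order> ORDERS = new HashMap<>();

    // Weak form (assumed): the decision depends only on the orderId in the request.
    static boolean cancelUnchecked(long orderId) {
        Order o = ORDERS.get(orderId);
        if (o == null || o.status() != 0) return false;
        ORDERS.put(o.id(), new Order(o.id(), o.memberId(), 4));
        return true;
    }

    // Corrected form: the member id comes from the authenticated session,
    // never from a request parameter, and the order must belong to that member.
    // "Not found" and "not yours" return the same result so the endpoint
    // does not reveal which order ids exist.
    static boolean cancelOwned(long sessionMemberId, long orderId) {
        Order o = ORDERS.get(orderId);
        if (o == null || o.memberId() != sessionMemberId || o.status() != 0) {
            return false;
        }
        ORDERS.put(o.id(), new Order(o.id(), o.memberId(), 4));
        return true;
    }

    public static void main(String[] args) {
        ORDERS.put(1001L, new Order(1001, 7, 0)); // constructed: owned by member 7
        ORDERS.put(1002L, new Order(1002, 8, 0)); // constructed: owned by member 8

        // Member 7 asks to cancel an order that belongs to member 8.
        System.out.println("owned check, foreign order: " + cancelOwned(7, 1002));
        // Member 7 cancels their own order.
        System.out.println("owned check, own order:     " + cancelOwned(7, 1001));
        // The unchecked form accepts any pending order id, whoever calls it.
        System.out.println("unchecked, foreign order:   " + cancelUnchecked(1002));
    }
}
```

In a real service the same ownership predicate belongs in the data-access query as well (update where id and member id both match), so the check cannot be skipped by a different code path.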