EUVD-2025-175324

🗓️ 13 Nov 2025 14:32:06Reported by EUVDType

Vulnerability in mall-swarm up to version 1.0.3 allows remote manipulation of orderId in cancelOrder, causing improper authorization.

Reporter	Title	Published	Views	Family All 8
CNNVD	mall-swarm 授权问题漏洞	13 Nov 202500:00	–	cnnvd
CNVD	mall-swarm authorization issue vulnerability (CNVD-2026-10877)	18 Nov 202500:00	–	cnvd
CVE	CVE-2025-13117	13 Nov 202514:32	–	cve
Cvelist	CVE-2025-13117 macrozheng mall-swarm/mall cancelOrder improper authorization	13 Nov 202514:32	–	cvelist
NVD	CVE-2025-13117	13 Nov 202515:15	–	nvd
Positive Technologies	PT-2025-46830	13 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-13117	14 Nov 202514:59	–	redhatcve
Vulnrichment	CVE-2025-13117 macrozheng mall-swarm/mall cancelOrder improper authorization	13 Nov 202514:32	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "bf2c304c-ee48-3510-96a9-07b80d8ac93a",
        "vendor": {
          "name": "macrozheng"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "03bf1328-d7cf-3c23-8311-518b7a56bcf4",
        "product": {
          "name": "mall-swarm"
        },
        "product_version": "1.0.2"
      },
      {
        "id": "32030214-cb16-3c27-9fb8-391b934009e7",
        "product": {
          "name": "mall-swarm"
        },
        "product_version": "1.0.1"
      },
      {
        "id": "7b65179f-b099-314e-af40-fe9b0231fb9b",
        "product": {
          "name": "mall-swarm"
        },
        "product_version": "1.0.3"
      },
      {
        "id": "ff303f1b-2269-3ae0-a6be-78e9594dd0e0",
        "product": {
          "name": "mall-swarm"
        },
        "product_version": "1.0.0"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/Hwwg/cve/issues/7
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-13117

13 Nov 2025 16:57Current

5.3Medium risk

Vulners AI Score5.3

CVSS 45.3

CVSS 3.15.4

CVSS 25.5

CVSS 35.4

EPSS0.00265

SSVC