Race Condition Vulnerability in GrandNode eCommerce Platform
CVE-2025-10216

2.1LOW

Key Information:

Vendor

GrandNode

Status
Grandnode
Vendor
CVE Published:
10 September 2025

What is CVE-2025-10216?

A race condition vulnerability exists in the GrandNode eCommerce platform, specifically within the Voucher Handler component located in the /checkout/ConfirmOrder/ path. It arises from the unsafe manipulation of the giftvouchercouponcode argument, allowing for potentially unauthorized access. This flaw can be exploited remotely, although it requires sophisticated techniques to execute successfully. The vendor was informed of this issue prior to public disclosure but did not respond to the notice.

Affected Version(s)

GrandNode 2.0

GrandNode 2.1

GrandNode 2.2

References

https://vuldb.com/?id.323485
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323485
signaturepermissions-required
https://vuldb.com/?submit.640784
third-party-advisory

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

kkc73 (VulDB User)
.
CVE-2025-10216 : Race Condition Vulnerability in GrandNode eCommerce Platform