Guessable Captcha Vulnerability in Newbee-Mall by Newbee Ltd.
CVE-2025-10423

6.3MEDIUM

Key Information:

Vendor

Newbee Ltd.

Status
Newbee-mall
Vendor
CVE Published:
15 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10423?

A vulnerability identified within the Newbee-Mall version 1.0 impacts the mallKaptcha function located in the /common/mall/kaptcha file. This flaw allows for the generation of guessable captcha values, potentially enabling unauthorized access through a remote attack. The complexity of exploiting this vulnerability is high, requiring a sophisticated approach. This exploit has been made publicly available, highlighting the urgency for affected users to enhance their security measures and mitigate potential risks.

Affected Version(s)

newbee-mall 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10423 - Proof of Concept

References

https://vuldb.com/?id.323857
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323857
signaturepermissions-required
https://vuldb.com/?submit.647066
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ez-lbz (VulDB User)
.
CVE-2025-10423 : Guessable Captcha Vulnerability in Newbee-Mall by Newbee Ltd.