Race Condition Vulnerability in Smartstore E-commerce Platform
CVE-2025-10778

2.3LOW

Key Information:

Vendor

Smartstore AG

Status
Smartstore
Vendor
CVE Published:
22 September 2025

What is CVE-2025-10778?

A race condition vulnerability has been identified in the Smartstore e-commerce platform, specifically within its Gift Voucher Handler component located at /checkout/confirm/. This flaw permits an attacker to manipulate the functionality remotely, potentially leading to unintended behaviors in the system. The complexity involved in executing this attack is considered high, and initial outreach to the vendor regarding the issue has gone unanswered. Users of Smartstore versions up to 6.2.0 should evaluate their security posture and consider implementing necessary mitigations.

Affected Version(s)

Smartstore 6.0

Smartstore 6.1

Smartstore 6.2.0

References

https://vuldb.com/?id.325134
vdb-entry
https://vuldb.com/?ctiid.325134
signaturepermissions-required
https://vuldb.com/?submit.640785
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

kkc73 (VulDB User)
.
CVE-2025-10778 : Race Condition Vulnerability in Smartstore E-commerce Platform