Cross-Site Scripting Vulnerability in MikeCen WeChat-Face-Recognition
CVE-2025-10943

5.1MEDIUM

Key Information:

Vendor

Mikecen

Status
Wechat-face-recognition
Vendor
CVE Published:
25 September 2025

What is CVE-2025-10943?

A security flaw has been identified in the MikeCen WeChat-Face-Recognition application, particularly in the wx.php file's valid function. This flaw allows attackers to manipulate the echostr argument, leading to cross-site scripting vulnerabilities. Since the product does not follow versioning, it's challenging to ascertain the full extent of affected releases. Attempts to notify the vendor regarding this issue have gone unanswered, leaving users at risk of remote attacks via this vector.

Affected Version(s)

WeChat-Face-Recognition 6e3f72bf8547d80b59e330f1137e4aa505f492c1

References

https://vuldb.com/?id.325813
vdb-entrytechnical-description
https://vuldb.com/?ctiid.325813
signaturepermissions-required
https://vuldb.com/?submit.651882
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dev03301 (VulDB User)
JSON
.
CVE-2025-10943 : Cross-Site Scripting Vulnerability in MikeCen WeChat-Face-Recognition