Improper Authorization in Macrozheng Mall-Swarm Affects Payment Processing
CVE-2025-13118

5.3MEDIUM

Key Information:

Vendor

Macrozheng

Status
Mall-swarm
Vendor
CVE Published:
13 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-13118?

A vulnerability exists in Macrozheng's mall-swarm software, specifically in the paySuccess function located in the /order/paySuccess file. This issue arises due to improper handling of the orderID argument, allowing unauthorized access to sensitive functionalities. Attackers can exploit this vulnerability remotely, posing a significant security risk. The exploit has been publicly disclosed, highlighting the urgent need for users of affected versions to assess their systems and implement necessary security measures.

Affected Version(s)

mall-swarm 1.0.0

mall-swarm 1.0.1

mall-swarm 1.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-13118 - Proof of Concept

References

https://vuldb.com/?id.332323
vdb-entrytechnical-description
https://vuldb.com/?ctiid.332323
signaturepermissions-required
https://vuldb.com/?submit.683345
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

huangweigang (VulDB User)
JSON
.
CVE-2025-13118 : Improper Authorization in Macrozheng Mall-Swarm Affects Payment Processing