Weak Password Requirements in Macrozheng Mall Registration Component
CVE-2025-9514

6.3MEDIUM

Key Information:

Vendor

Macrozheng

Status
Mall
Vendor
CVE Published:
27 August 2025

What is CVE-2025-9514?

A vulnerability in the registration component of Macrozheng Mall versions up to 1.0.3 allows for weak password requirements. This introduces potential security risks as attackers could exploit these weak passwords remotely. The complexity of the attack is high due to the sophisticated nature of the exploitation involved. The vendor has removed related discussions from GitHub, leaving users without crucial guidance on addressing this issue.

Affected Version(s)

mall 1.0.0

mall 1.0.1

mall 1.0.2

References

https://vuldb.com/?id.321507
vdb-entry
https://vuldb.com/?ctiid.321507
signaturepermissions-required
https://vuldb.com/?submit.635503
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ez-lbz (VulDB User)
JSON
.
CVE-2025-9514 : Weak Password Requirements in Macrozheng Mall Registration Component