CVE-2025-0974: MaxD Lightning Module deserialization
First published: Mon Feb 03 2025(Updated: )
A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MaxD Lightning Module | ||
| OpenCart |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0974?
CVE-2025-0974 is classified as a critical vulnerability.
What does CVE-2025-0974 affect?
CVE-2025-0974 affects the MaxD Lightning Module 4.43 on OpenCart.
How can CVE-2025-0974 be exploited?
CVE-2025-0974 can be exploited remotely through deserialization via manipulated arguments.
What are the consequences of CVE-2025-0974?
Exploitation of CVE-2025-0974 may lead to unauthorized access and potential full system compromise.
How do I fix CVE-2025-0974?
To fix CVE-2025-0974, it is recommended to update to the latest version of the MaxD Lightning Module.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/last-modified-date
- agent/author
- agent/source
- agent/description
- agent/type
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/maxd
- canonical/maxd lightning module
- vendor/opencart
- canonical/opencart