CVE-2025-4136: Weitong Mall Sale Endpoint improper authorization
First published: Wed Apr 30 2025(Updated: )
A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Weitong Mall |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4136?
CVE-2025-4136 is classified as a critical vulnerability.
What component is affected by CVE-2025-4136?
The vulnerability affects an unknown part of the Sale Endpoint component in Weitong Mall.
What type of vulnerability is CVE-2025-4136?
CVE-2025-4136 is an improper authorization vulnerability that can be exploited remotely.
How can CVE-2025-4136 be exploited?
An attacker can exploit CVE-2025-4136 by manipulating the argument ID.
How do I fix CVE-2025-4136?
To fix CVE-2025-4136, you should implement proper authorization checks for the Sale Endpoint.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/weitong
- canonical/weitong mall