CVE-2025-10423

low-risk

Published 2025-09-15

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

Affected Products (1)

Newbee-Mall

Affected Vendors

Newbee-Mall Project

References (5)

Exploit https://github.com/newbee-ltd/newbee-mall/issues/101

Exploit https://github.com/newbee-ltd/newbee-mall/issues/101#issue-3380163659

Permissions Required https://vuldb.com/?ctiid.323857

Third Party Advisory https://vuldb.com/?id.323857

Third Party Advisory https://vuldb.com/?submit.647066

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal