CVE-2025-9797

low-risk

Published 2025-09-01

A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.4/10 Low

NETWORK / LOW complexity

References (5)

https://github.com/mrvautin/expressCart/issues/288

https://github.com/mrvautin/expressCart/issues/288#issue-3287867610

https://vuldb.com/?ctiid.322112

https://vuldb.com/?id.322112

https://vuldb.com/?submit.641127

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal