CVE-2025-27130

Published Apr 1, 2025

Last updated 4 days ago

CVSS medium 6.3

Overview

Description
Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.
Source
vultures@jpcert.or.jp
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
6.3
Impact score
3.4
Exploitability score
2.8
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

vultures@jpcert.or.jp
CWE-502

Social media

Hype score
Not currently trending

References