What is CVE-2025-8755?

CVE-2025-8755 is a medium-severity vulnerability in Macrozheng Mall, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 5.3/10. Published 2025-08-09.

How severe is CVE-2025-8755?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2025-8755 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Macrozheng Mall

CVE-2025-8755

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (23.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R.

Affected products

Macrozheng Mall — versions 1.0.0, 1.0.1, 1.0.2

Weakness classification (CWE)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

VDB-319253 | macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization (vdb-entry, technical-description)
VDB-319253 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #624046 | macrozheng mall 1.0.3 Missing Authorization (third-party-advisory)
github.com/N1n3b9S/cve/issues/14 (issue-tracking)
github.com/N1n3b9S/cve/issues/14 (exploit, issue-tracking)

Frequently asked questions

What is CVE-2025-8755?: CVE-2025-8755 is a medium-severity vulnerability in Macrozheng Mall, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 5.3/10. Published 2025-08-09.
How severe is CVE-2025-8755?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2025-8755 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.