Vulnerability in Macrozheng Mall
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone n…
EPSS: 0.004 (57.9th percentile).
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Macrozheng Mall — version 1.0.3 and prior
Weakness classification (CWE)
- CWE-640: Weak Password Recovery Mechanism for Forgotten Password
References
- github.com/macrozheng/mall/issues/946 (issue-tracking)
- www.macrozheng.com/ (product)
- www.vulncheck.com/advisories/macrozheng-mall-unauthenticated-password-reset-via… (third-party-advisory)
Frequently asked questions
- What is CVE-2026-25858?
- CVE-2026-25858 is a critical-severity vulnerability in Macrozheng Mall, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 9.1/10. Published 2026-02-07.
- How severe is CVE-2026-25858?
- Critical severity. CVSS v3 base score is 9.1 out of 10.