CVE-2025-60834

Medium CVSS: 6.5

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.

Vendor

Product

CWE

Yayın Tarihi

2025-10-08 15:16:24

Güncelleme

2025-10-10 16:16:03

Source Identifier

cve@mitre.org

KEV Date Added

CWE-502 Uzy-ssm-mall MEDIUM Ghostxbh 2025

https://gist.github.com/ChangeYourWay/5f2b0100b167edf868dd702c0fa3cc35 https://github.com/ChangeYourWay/post/blob/main/uzy-ssm-mall2.md

Medium

CVE-2025-60833

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to e…

Medium

CVE-2025-3561

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown…

Medium

CVE-2025-3560

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown…

Medium

CVE-2025-3558

A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. This affects an unknown par…

Medium

CVE-2025-3559

A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. This vulnerability affects the…