{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10423","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-14T06:32:53.625Z","datePublished":"2025-09-15T03:02:05.834Z","dateUpdated":"2025-09-15T17:10:21.301Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-15T03:02:05.834Z"},"title":"newbee-mall kaptcha mallKaptcha Captcha","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-804","lang":"en","description":"Guessable CAPTCHA"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-287","lang":"en","description":"Improper Authentication"}]}],"affected":[{"vendor":"n/a","product":"newbee-mall","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in newbee-mall 1.0 entdeckt. Das betrifft die Funktion mallKaptcha der Datei /common/mall/kaptcha. Durch das Beeinflussen mit unbekannten Daten kann eine guessable captcha-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Die Ausführung eines Exploits gilt als schwer. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.7,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.7,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-14T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-14T08:37:57.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ez-lbz (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.323857","name":"VDB-323857 | newbee-mall kaptcha mallKaptcha Captcha","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.323857","name":"VDB-323857 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.647066","name":"Submit #647066 | newbee-ltd newbee-mall V1.0 Guessable CAPTCHA","tags":["third-party-advisory"]},{"url":"https://github.com/newbee-ltd/newbee-mall/issues/101","tags":["issue-tracking"]},{"url":"https://github.com/newbee-ltd/newbee-mall/issues/101#issue-3380163659","tags":["exploit","issue-tracking"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-15T17:10:00.457111Z","id":"CVE-2025-10423","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-15T17:10:21.301Z"}}]}}