CVE-2025-12304
dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
27 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
dulaiduwang003 · TIME-SEA-PLUS¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →