Medium severity5.4NVD Advisory· Published Mar 7, 2025· Updated Jun 17, 2026
CVE-2025-2089
CVE-2025-2089
Description
A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.0/2.X+ 1 more
- (no CPE)range: 1.0/2.X
- (no CPE)range: 1.0
Patches
Vulnerability mechanics
References
4- wiki.shikangsi.com/post/share/baecf028-1116-4600-ae9c-f655cc93c29bnvdExploitThird Party Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.