Critical severity9.8NVD Advisory· Published Apr 15, 2025· Updated Jun 17, 2026
CVE-2025-28399
CVE-2025-28399
Description
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
Affected products
2- Erick/xmalldescription
Patches
Vulnerability mechanics
References
1- github.com/20210607/cve_public/blob/main/CVE-2025-28399.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.