Unrated severityNVD Advisory· Published Sep 22, 2025· Updated Sep 22, 2025
CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter
CVE-2025-59413
Description
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cubecart/v6v5Range: < 6.5.11
Patches
Vulnerability mechanics
References
4- github.com/cubecart/v6/commit/7fd1cd04f5d5c3ce1d7980327464f0ff6551de79mitrex_refsource_MISC
- github.com/cubecart/v6/commit/db965fcfa260c4f17eb16f8c5494e5af4a8ac271mitrex_refsource_MISC
- github.com/cubecart/v6/commit/dbc58cf1f7a6291f7add5893b56bff7920a29128mitrex_refsource_MISC
- github.com/cubecart/v6/security/advisories/GHSA-869v-gjv8-9m7fmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.