CVE-2025-5136
Problematic vulnerability in Tmall Demo
Overview
A problematic vulnerability was found in Tmall Demo. It affects an unknown part of the file /tmall/order/pay/ in the Payment Identifier Handler component. The issue leads to insufficiently random values.
Technical Details
Manipulation of the process leads to insufficiently random values, compromising the security of transactions. The attack complexity is considered rather high, and no user interaction is required. The vendor was informed but did not respond.
CVSS Metrics
- Base Score: 6.3
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: NONE
Impact
The insufficiently random values could compromise transaction security. However, the high complexity of the attack reduces its likelihood.
Recommendations
Users are advised to limit interaction with the vulnerable component until a fix is made available. Regularly updating systems is also recommended.
Threat Metrics
- CVSS Score: 6.3
- Severity: MEDIUM
- Attack Vector: NETWORK
- Attack Complexity: HIGH