CVE-2025-10287
BaseFortify
Publication date: 2025-09-12
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| roncoo | roncoo-pay | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-425 | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the roncoo-pay system, in an unknown function within the /auth/orderQuery file. Manipulating the 'orderNo' argument leads to a direct request, the weakness class CWE-425 describes: a restricted URL that does not adequately enforce authorization. The attack can be performed remotely, but its complexity is high and it is difficult to exploit. The vulnerability has been publicly disclosed.
How can this vulnerability impact me?
An attacker can manipulate the 'orderNo' argument to make direct requests remotely. Exploitation is difficult and the impact on confidentiality is partial, but it could potentially expose some information related to orders. The overall impact is limited because integrity and availability are not affected.