CVE-2025-12304
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dulaiduwang003 | time-sea-plus | * |
| dulaiduwang003 | time-sea-plus | 2.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the dulaiduwang003 TIME-SEA-PLUS software, specifically in the alipayIsSucceed function of the PayController.java file within the Order Status Handler component. Manipulating this function results in improper authorization, meaning an attacker with some privileges can remotely exploit this flaw to bypass proper authorization checks.
How can this vulnerability impact me?
The vulnerability can lead to improper authorization, potentially allowing an attacker to perform actions or access information they should not be authorized to. Since remote exploitation is possible, this could result in unauthorized access or manipulation of order status information, impacting the integrity and trustworthiness of the system.