CVE-2025-13252
BaseFortify
Publication date: 2025-11-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shsuishang | modulithshop | * |
| shsuishang | modulithshop | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the shsuishang ShopSuite ModulithShop product, specifically in an unknown functionality of the RSA/OAuth2/Database component. It involves hard-coded credentials that can be exploited remotely. The presence of hard-coded credentials means attackers can potentially gain unauthorized access without needing to bypass authentication mechanisms. The exploit has been made public, increasing the risk of attacks.
How can this vulnerability impact me? :
The vulnerability can allow remote attackers to exploit hard-coded credentials, potentially leading to unauthorized access to the system. This can result in data breaches, unauthorized actions, and compromise of system integrity and confidentiality.