How severe is CVE-2025-0580?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2025-0580?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2025-0580 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-8252

MEDIUM

CVSS:5.5(Medium)

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electr...

CWE-2852017

CVE-2018-9867

MEDIUM

CVSS:5.5(Medium)

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download ...

CWE-2852018

CVE-2021-21096

MEDIUM

CVSS:5.5(Medium)

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage th...

CWE-2852021

CVE-2021-25382

MEDIUM

CVSS:5.5(Medium)

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

CWE-2852021

CVE-2021-25433

MEDIUM

CVSS:5.5(Medium)

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.

CWE-2852021

CVE-2021-25459

MEDIUM

CVSS:5.5(Medium)

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

CWE-2852021