We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-0974

MaxD Lightning Module deserialization



Description

EN DE

A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Reserved 2025-02-02 | Published 2025-02-03 | Updated 2025-02-12 | Assigner VulDB


LOW: 2.3CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
MEDIUM: 5.0CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
MEDIUM: 5.0CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
4.6AV:N/AC:H/Au:S/C:P/I:P/A:P

Problem types

Deserialization

Improper Input Validation

Product status

4.43
affected

Timeline

2025-02-02:Advisory disclosed
2025-02-02:VulDB entry created
2025-02-02:VulDB entry last update

Credits

mcdruid (VulDB User) reporter

References

vuldb.com/?id.294365 (VDB-294365 | MaxD Lightning Module deserialization) vdb-entry technical-description

vuldb.com/?ctiid.294365 (VDB-294365 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.489672 (Submit #489672 | devs.mx OpenCart Lightning 4.43 Deserialization of Untrusted Data) third-party-advisory

gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e exploit

cve.org (CVE-2025-0974)

nvd.nist.gov (CVE-2025-0974)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2025-0974

Support options

Helpdesk Chat, Email, Knowledgebase
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456