Share:

CVE-2025-28399 - Exrick Xmall

April 15, 2025

Critical 9.8

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.

Affected software

Exrick Xmall

Reference links

https://github.com/20210607/cve_public/blob/main/CVE-2025-28399.md

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.