Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27130

Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.

Published

2025-04-01T09:15:15.657

Last Modified

2025-07-08T17:09:54.687

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	welcart	welcart_e-commerce	≤ 2.11.6	Yes

References

https://jvn.jp/en/jp/JVN87266215/ Third Party Advisory ([email protected])
https://www.welcart.com/archives/23868.html Release Notes ([email protected])