Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-13252

CVE-2025-13252

HIGH7.3

shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials

Published Nov 16, 2025

Modified 3 months ago

Details

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

References

https://github.com/shsuishang/modulithshop/issues/2

https://github.com/shsuishang/modulithshop/issues/2#issue-3580272472

https://vuldb.com/?ctiid.332587

https://vuldb.com/?id.332587

https://vuldb.com/?submit.687685

https://www.cve.org/CVERecord?id=CVE-2025-13252

CVSS Analysis

CVSS v4.0

6.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

LowVI:L

Vuln. Availability

LowVA:L

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

6.9/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedNov 16, 2025

ModifiedNov 17, 2025

CVE-2025-13252 | Mondoo Vulnerability Intelligence