CVE-2025-27130
published 2025-04-01

CVE-2025-27130: Welcart e-Commerce 2.11.6 and earlier versions contain an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may…

Priority: P3 | 55 | high | 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.40% (31.9th percentile)
Welcart e-Commerce 2.11.6 and earlier versions contain an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| welcart | welcart_e-commerce | <= 2.11.6 | |
| welcart_inc | welcart_e-commerce | | |

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L