CVE-2025-59413
published 2025-09-22

Priority: P3 / 38
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.37% (29.2th percentile)

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
cubecart | cubecart | < 6.5.11 | 6.5.11
cubecart | v6 | < 6.5.11 | 6.5.11