Common Weakness Enumeration

CWE-362

Allowed-with-Review

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Abstraction: Class · Status: Draft

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2901 vulnerabilities reference this CWE, most recent first.

CVE-2025-15242 (GCVE-0-2025-15242)

Vulnerability from cvelistv5 – Published: 2025-12-30 09:32 – Updated: 2026-02-24 06:15
VLAI
Title
PHPEMS Coupon race condition
Summary
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit is now public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a PHPEMS Affected: 11.0
    cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*
Credits
byebyedoggy (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15242",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T16:00:33.509338Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T16:00:48.345Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Coupon Handler"
          ],
          "product": "PHPEMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "11.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "byebyedoggy (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit is now public and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.1,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T06:15:47.302Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-338632 | PHPEMS Coupon race condition",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.338632"
        },
        {
          "name": "VDB-338632 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.338632"
        },
        {
          "name": "Submit #725661 | PHPEMS \u003c=11.0 Race Condition",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.725661"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://byebydoggy.github.io/post/2025/1229-phpems-coupon-recharge-race-condition-poc/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-30T12:58:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "PHPEMS Coupon race condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15242",
    "datePublished": "2025-12-30T09:32:07.221Z",
    "dateReserved": "2025-12-29T08:16:05.639Z",
    "dateUpdated": "2026-02-24T06:15:47.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15116 (GCVE-0-2025-15116)

Vulnerability from cvelistv5 – Published: 2025-12-28 02:02 – Updated: 2026-02-24 06:06
VLAI
Title
OpenCart Single-Use Coupon race condition
Summary
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a OpenCart Affected: 4.1.0.0
Affected: 4.1.0.1
Affected: 4.1.0.2
Affected: 4.1.0.3
    cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*
Credits
KhanMarshal (VulDB User) VulDB
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15116",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-29T16:38:12.484495Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-29T16:38:27.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Single-Use Coupon Handler"
          ],
          "product": "OpenCart",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.0.0"
            },
            {
              "status": "affected",
              "version": "4.1.0.1"
            },
            {
              "status": "affected",
              "version": "4.1.0.2"
            },
            {
              "status": "affected",
              "version": "4.1.0.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "KhanMarshal (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T06:06:09.491Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-338494 | OpenCart Single-Use Coupon race condition",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.338494"
        },
        {
          "name": "VDB-338494 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.338494"
        },
        {
          "name": "Submit #711745 | OpenCart 4.1.0.3 Time-of-check Time-of-use",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.711745"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-01-09T22:16:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "OpenCart Single-Use Coupon race condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15116",
    "datePublished": "2025-12-28T02:02:06.876Z",
    "dateReserved": "2025-12-27T08:41:00.853Z",
    "dateUpdated": "2026-02-24T06:06:09.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13231 (GCVE-0-2025-13231)

Vulnerability from cvelistv5 – Published: 2025-12-16 08:20 – Updated: 2026-04-08 17:20
VLAI
Title
Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
Summary
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by calling getimagesize() first, then later retrieves the same URL using file_get_contents(). This makes it possible for unauthenticated attackers to exploit the timing gap to perform SSRF attacks by serving a valid image during validation, then changing the response to redirect to arbitrary internal or external URLs during the actual fetch.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
radykal Fancy Product Designer Affected: 0 , ≤ 6.4.8 (semver)
Create a notification for this product.
Credits
Muhammad Zeeshan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13231",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T21:35:15.948131Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T21:35:23.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fancy Product Designer",
          "vendor": "radykal",
          "versions": [
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhammad Zeeshan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the \u0027url\u0027 parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by calling getimagesize() first, then later retrieves the same URL using file_get_contents(). This makes it possible for unauthenticated attackers to exploit the timing gap to perform SSRF attacks by serving a valid image during validation, then changing the response to redirect to arbitrary internal or external URLs during the actual fetch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:20:53.251Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ec6ae-5b75-4cbb-aedd-f318fddc7bf0?source=cve"
        },
        {
          "url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000036024"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-19T16:29:24.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-12-15T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Fancy Product Designer | WooCommerce WordPress \u003c= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-13231",
    "datePublished": "2025-12-16T08:20:24.492Z",
    "dateReserved": "2025-11-15T02:26:51.064Z",
    "dateUpdated": "2026-04-08T17:20:53.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13036 (GCVE-0-2025-13036)

Vulnerability from cvelistv5 – Published: 2026-06-16 13:50 – Updated: 2026-06-16 15:26
VLAI
Title
Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass
Summary
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Date Public
2026-06-16 13:44
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T15:26:12.135366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T15:26:21.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk Historian SE",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v11"
            }
          ]
        }
      ],
      "datePublic": "2026-06-16T13:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication\nbypass security issue exists within FactoryTalk Historian Site Edition. By\ncontinually sending requests to the login endpoint, an attacker may obtain a\nvalid authentication token.\u0026nbsp;"
            }
          ],
          "value": "An authentication\nbypass security issue exists within FactoryTalk Historian Site Edition. By\ncontinually sending requests to the login endpoint, an attacker may obtain a\nvalid authentication token."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T13:50:11.944Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1773.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to v12.00.00 and later\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Upgrade to v12.00.00 and later"
        }
      ],
      "source": {
        "advisory": "SD1773",
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation FactoryTalk Historian Site Edition - Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2025-13036",
    "datePublished": "2026-06-16T13:50:11.944Z",
    "dateReserved": "2025-11-11T17:55:24.504Z",
    "dateUpdated": "2026-06-16T15:26:21.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12472 (GCVE-0-2025-12472)

Vulnerability from cvelistv5 – Published: 2025-11-19 10:27 – Updated: 2025-11-19 16:24
VLAI
Title
Remote Code Execution in Looker due to Improperly Validated Directory Deletion
Summary
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required for these. Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ : * 24.12.103+ * 24.18.195+ * 25.0.72+ * 25.6.60+ * 25.8.42+ * 25.10.22+
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
Google Cloud Looker Affected: 0 , < 24.12.103 (date)
Affected: 0 , < 24.18.195 (date)
Affected: 0 , < 25.0.72 (date)
Affected: 0 , < 25.6.60 (date)
Affected: 0 , < 25.8.42 (date)
Affected: 0 , < 25.10.22 (date)
Create a notification for this product.
Credits
RyotaK of GMO Flatt Security Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12472",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T16:20:20.583208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T16:24:04.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Looker-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.103",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.195",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.72",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.60",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.42",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Self-hosted"
          ],
          "product": "Looker",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "24.12.103",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "24.18.195",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.0.72",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.6.60",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.8.42",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            },
            {
              "lessThan": "25.10.22",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "RyotaK of GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003c/div\u003eLooker-hosted and Self-hosted were found to be vulnerable.\u003cbr\u003eThis issue has already been mitigated for Looker-hosted instances.\u0026nbsp;No user action is required for these.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSelf-hosted instances must be upgraded \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eas soon as possible\u003c/span\u003e. This vulnerability has been patched in all supported versions of Self-hosted.\u003c/span\u003e\u003cbr\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.looker.com/\"\u003ehttps://download.looker.com/\u003c/a\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e:\u003c/span\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.12.103+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e24.18.195+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.0.72+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.6.60+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.8.42+\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e25.10.22+\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance.\n\n\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances.\u00a0No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.103+\n  *  24.18.195+\n  *  25.0.72+\n  *  25.6.60+\n  *  25.8.42+\n  *  25.10.22+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-26",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-26 Leveraging Race Conditions"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T10:27:56.520Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution in Looker due to Improperly Validated Directory Deletion",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-12472",
    "datePublished": "2025-11-19T10:27:56.520Z",
    "dateReserved": "2025-10-29T15:56:30.205Z",
    "dateUpdated": "2025-11-19T16:24:04.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12383 (GCVE-0-2025-12383)

Vulnerability from cvelistv5 – Published: 2025-11-18 15:14 – Updated: 2025-11-18 21:34
VLAI
Title
Race Condition allows Bypass of Trust Restrictions
Summary
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Jersey Affected: 2.45
Affected: 3.0.16
Affected: 3.1.9
Create a notification for this product.
Credits
Dimitri Tenenbaum
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12383",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T21:34:28.248675Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T21:34:35.027Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jersey",
          "repo": "https://github.com/eclipse-ee4j/jersey",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.45"
            },
            {
              "status": "affected",
              "version": "3.0.16"
            },
            {
              "status": "affected",
              "version": "3.1.9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dimitri Tenenbaum"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)"
            }
          ],
          "value": "In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T15:14:37.765Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/74"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Race Condition allows Bypass of Trust Restrictions",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2025-12383",
    "datePublished": "2025-11-18T15:14:37.765Z",
    "dateReserved": "2025-10-28T10:21:45.989Z",
    "dateUpdated": "2025-11-18T21:34:35.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11637 (GCVE-0-2025-11637)

Vulnerability from cvelistv5 – Published: 2025-10-12 16:32 – Updated: 2025-10-16 05:39
VLAI
Title
Tomofun Furbo 360 Audio race condition
Summary
A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.328048 vdb-entrytechnical-description
https://vuldb.com/?ctiid.328048 signaturepermissions-required
https://vuldb.com/?submit.661362 third-party-advisory
Impacted products
Vendor Product Version
Tomofun Furbo 360 Affected: FB0035_FW_036
Create a notification for this product.
Credits
Calvin Star (Software Secured) Julian B (Software Secured) jTag Labs (VulDB User) jTag Labs (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T15:06:38.667217Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T15:06:45.540Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Audio Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "FB0035_FW_036"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Calvin Star (Software Secured)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Julian B (Software Secured)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Tomofun Furbo 360 up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tomofun Furbo 360 up to FB0035_FW_036 gefunden. Es ist betroffen eine unbekannte Funktion der Komponente Audio Handler. Dank der Manipulation mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T05:39:49.182Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328048 | Tomofun Furbo 360 Audio race condition",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.328048"
        },
        {
          "name": "VDB-328048 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328048"
        },
        {
          "name": "Submit #661362 | Tomofun Furbo 360 \u2264 FB0035_FW_036 Race Condition",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661362"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-15T20:00:00.000Z",
          "value": "Vulnerability found"
        },
        {
          "lang": "en",
          "time": "2025-06-21T23:00:00.000Z",
          "value": "Vendor informed"
        },
        {
          "lang": "en",
          "time": "2025-07-03T04:30:00.000Z",
          "value": "Vendor acknowledged"
        },
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-16T07:44:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360 Audio race condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11637",
    "datePublished": "2025-10-12T16:32:06.156Z",
    "dateReserved": "2025-10-11T18:32:31.274Z",
    "dateUpdated": "2025-10-16T05:39:49.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-10778 (GCVE-0-2025-10778)

Vulnerability from cvelistv5 – Published: 2025-09-22 02:32 – Updated: 2025-09-22 15:55
VLAI
Title
Smartstore Gift Voucher confirm race condition
Summary
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.325134 vdb-entry
https://vuldb.com/?ctiid.325134 signaturepermissions-required
https://vuldb.com/?submit.640785 third-party-advisory
Impacted products
Vendor Product Version
n/a Smartstore Affected: 6.0
Affected: 6.1
Affected: 6.2.0
Credits
kkc73 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-22T15:55:00.096174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-22T15:55:06.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Gift Voucher Handler"
          ],
          "product": "Smartstore",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "kkc73 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Smartstore bis 6.2.0 wurde eine Schwachstelle gefunden. Es betrifft eine unbekannte Funktion der Datei /checkout/confirm/ der Komponente Gift Voucher Handler. Die Ver\u00e4nderung resultiert in race condition. Der Angriff kann remote ausgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Das Ausnutzen gilt als schwierig."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.1,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N/E:ND/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-22T02:32:05.702Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-325134 | Smartstore Gift Voucher confirm race condition",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.325134"
        },
        {
          "name": "VDB-325134 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.325134"
        },
        {
          "name": "Submit #640785 | Smartstore AG Smartstore 6.2.0 Race Condition",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.640785"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-21T10:53:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Smartstore Gift Voucher confirm race condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-10778",
    "datePublished": "2025-09-22T02:32:05.702Z",
    "dateReserved": "2025-09-21T08:48:35.573Z",
    "dateUpdated": "2025-09-22T15:55:06.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-10263 (GCVE-0-2025-10263)

Vulnerability from cvelistv5 – Published: 2026-06-09 09:23 – Updated: 2026-07-15 01:27
VLAI
Summary
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Arm
Impacted products
Vendor Product Version
Arm C1-Ultra Affected: 0
Create a notification for this product.
Arm C1-Premium Affected: 0
Create a notification for this product.
Arm Neoverse V3 Affected: 0
Create a notification for this product.
Arm Neoverse V3AE Affected: 0
Create a notification for this product.
Arm Neoverse V1 Affected: 0
Create a notification for this product.
Arm Neoverse N2 Affected: 0
Create a notification for this product.
Arm Neoverse N1 Affected: 0
Create a notification for this product.
Arm Cortex-X925 Affected: 0
Create a notification for this product.
Arm Cortex-X4 Affected: 0
Create a notification for this product.
Arm Cortex-X3 Affected: 0
Create a notification for this product.
Arm Cortex-X2 Affected: 0
Create a notification for this product.
Arm Cortex-X1 Affected: 0
Create a notification for this product.
Arm Cortex-X1C Affected: 0
Create a notification for this product.
Arm Cortex-A710 Affected: 0
Create a notification for this product.
Arm Cortex-A78 Affected: 0
Create a notification for this product.
Arm Cortex-A78AE Affected: 0
Create a notification for this product.
Arm Cortex-A78C Affected: 0
Create a notification for this product.
Arm Cortex-A77 Affected: 0
Create a notification for this product.
Arm Cortex-A76 Affected: 0
Create a notification for this product.
Arm Cortex-A76AE Affected: 0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:6.12.0-211.30.1.el10_2 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-553.140.1.rt7.481.el8_10 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::nfv
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-553.140.1.el8_10 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:5.14.0-687.22.1.el9_8 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9
    cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux for NVIDIA 26     cpe:/a:redhat:enterprise_linux_nvidia:
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-09T16:53:49.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://xenbits.xen.org/xsa/advisory-493.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/09/13"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10263",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T14:11:21.775441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T14:11:48.257Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "packageName": "kernel",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:6.12.0-211.30.1.el10_2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::nfv"
            ],
            "defaultStatus": "affected",
            "packageName": "kernel-rt",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:4.18.0-553.140.1.rt7.481.el8_10",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "packageName": "kernel",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:4.18.0-553.140.1.el8_10",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9",
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "packageName": "kernel",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:5.14.0-687.22.1.el9_8",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "unaffected",
            "packageName": "libkrun",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "unaffected",
            "packageName": "kernel",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "unaffected",
            "packageName": "kernel",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "unaffected",
            "packageName": "kernel-rt",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "packageName": "kernel-rt",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux_nvidia:"
            ],
            "defaultStatus": "affected",
            "packageName": "kernel",
            "product": "Red Hat Enterprise Linux for NVIDIA 26",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "packageName": "rhcos",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-06-09T09:23:18.802Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in the Linux kernel on ARM processors. A race condition in Translation Lookaside Buffer Invalidation (TLBI) operations during memory permission changes allows a local attacker to write to memory resources owned by higher privilege levels. This could allow an unprivileged local attacker to gain kernel privileges or a guest VM to escape to the hypervisor, resulting in complete system compromise."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-266",
                "description": "Incorrect Privilege Assignment",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:27:41.670Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2025-10263"
          },
          {
            "name": "RHBZ#2486958",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486958"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10263.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:34911"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:36018"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:36349"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:36348"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:34911: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:36018: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:36349: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:36348: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-09T11:01:37.157Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-06-09T09:23:18.802Z",
            "value": "Made public."
          }
        ],
        "title": "kernel: Arm Processors: Privilege escalation or information disclosure via writes to higher exception level resources",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "C1-Ultra",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C1-Premium",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Neoverse V3",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Neoverse V3AE",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Neoverse V1",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Neoverse N2",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Neoverse N1",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-X925",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-X4",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-X3",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-X2",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-X1",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-X1C",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-A710",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-A78",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-A78AE",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-A78C",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-A77",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-A76",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cortex-A76AE",
          "vendor": "Arm",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Arm C1-Ultra, C1-Premium, Neoverse V3 \u0026amp; V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 \u0026amp; X1C, Cortex-A710, Cortex-A78, A78AE \u0026amp; A78C, Cortex-A77, Cortex-A76 \u0026amp; A76A may allow writes to resources owned by a higher exception level."
            }
          ],
          "value": "Arm C1-Ultra, C1-Premium, Neoverse V3 \u0026 V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 \u0026 X1C, Cortex-A710, Cortex-A78, A78AE \u0026 A78C, Cortex-A77, Cortex-A76 \u0026 A76A may allow writes to resources owned by a higher exception level."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T09:23:18.802Z",
        "orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
        "shortName": "Arm"
      },
      "references": [
        {
          "url": "https://developer.arm.com/documentation/112137"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
    "assignerShortName": "Arm",
    "cveId": "CVE-2025-10263",
    "datePublished": "2026-06-09T09:23:18.802Z",
    "dateReserved": "2025-09-11T08:50:36.018Z",
    "dateUpdated": "2026-07-15T01:27:41.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10216 (GCVE-0-2025-10216)

Vulnerability from cvelistv5 – Published: 2025-09-10 21:02 – Updated: 2025-09-11 15:33
VLAI
Title
GrandNode Voucher ConfirmOrder race condition
Summary
A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.323485 vdb-entrytechnical-description
https://vuldb.com/?ctiid.323485 signaturepermissions-required
https://vuldb.com/?submit.640784 third-party-advisory
Impacted products
Vendor Product Version
n/a GrandNode Affected: 2.0
Affected: 2.1
Affected: 2.2
Affected: 2.3.0
Credits
kkc73 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10216",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T15:32:12.670857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-11T15:33:10.813Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Voucher Handler"
          ],
          "product": "GrandNode",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "kkc73 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in GrandNode bis 2.3.0 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /checkout/ConfirmOrder/ der Komponente Voucher Handler. Dank Manipulation des Arguments giftvouchercouponcode mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.1,
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-10T21:02:05.844Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-323485 | GrandNode Voucher ConfirmOrder race condition",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.323485"
        },
        {
          "name": "VDB-323485 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.323485"
        },
        {
          "name": "Submit #640784 | GrandNode grandnode2 2.3.0 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.640784"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-10T12:53:11.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GrandNode Voucher ConfirmOrder race condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-10216",
    "datePublished": "2025-09-10T21:02:05.844Z",
    "dateReserved": "2025-09-10T10:48:01.840Z",
    "dateUpdated": "2025-09-11T15:33:10.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.

Mitigation
Architecture and Design

Use thread-safe capabilities such as the data access abstraction in Spring.

Mitigation
Architecture and Design
  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Implementation

When using multithreading and operating on shared variables, only use thread-safe functions.

Mitigation
Implementation

Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.

Mitigation
Implementation

Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.

Mitigation
Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.

Mitigation
Implementation

Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.

Mitigation
Implementation

Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.