CVE-2025-10287
LOWDescription
A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-10287? +
How severe is CVE-2025-10287? +
How do I check if I'm vulnerable to CVE-2025-10287? +
Related Vulnerabilities
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated …
Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged …
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly …
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the …
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to …