Home

Description

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-08 | Updated 2025-10-08 | Assigner mitre

References

github.com/ChangeYourWay/post/blob/main/uzy-ssm-mall.md

gist.github.com/...eYourWay/1364b9e78490ebd5cd31bcdc105a914f

cve.org (CVE-2025-60833)

nvd.nist.gov (CVE-2025-60833)

Download JSON