CVE-2025-8991
Published: 15 August 2025
Summary
CVE-2025-8991 is a low-severity an unspecified weakness vulnerability in Linlinjava Litemall. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Stored Data Manipulation (T1565.001); ranked in the top 39.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24958
Vulnerability details
A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_freight_min leads to business logic errors. The…
more
attack can be launched remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The business logic vulnerability enables manipulation of the stored configuration parameter 'litemall_express_freight_min' to negative values via the remote admin endpoint, facilitating stored data manipulation to cause economic losses.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.