CVE-2025-59413

Source
https://cve.org/CVERecord?id=CVE-2025-59413
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59413.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59413
Aliases
  • GHSA-869v-gjv8-9m7f
Published
2025-09-22T16:15:00.351Z
Modified
2026-07-15T01:49:07.696011354Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter
Details

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.

Database specific
{
    "cwe_ids": [
        "CWE-862"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59413.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/cubecart/v6

Affected ranges

Type
GIT
Repo
https://github.com/cubecart/v6
Events
Database specific
{
    "cpe": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.5.11"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.6.7
6.*
6.0.0
6.0.0b1
6.0.0b2
6.0.0b3
6.0.0b4
6.0.0b5
6.0.0b6
6.0.0b7
6.0.1
6.0.10
6.0.11
6.0.12
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.8
6.0.9
6.1.0
6.1.1
6.1.10
6.1.11pr
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
6.1.9
6.2.0
6.2.0-b1
6.2.0-rc1
6.2.0-rc2
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.8
6.2.9
6.4.0
6.4.0-b1
6.4.0-b2
6.4.1
6.4.10
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.4.9
6.5.0
6.5.1
6.5.10
6.5.2
6.5.3
6.5.4
6.5.5
6.5.6
6.5.8
6.5.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59413.json"