CVE-2025-59413
- Source
- https://cve.org/CVERecord?id=CVE-2025-59413
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59413.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-59413
- Aliases
-
- GHSA-869v-gjv8-9m7f
- Published
- 2025-09-22T16:15:00.351Z
- Modified
- 2026-04-10T05:32:02.301014Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter
- Details
-
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.
- Database specific
{ "cwe_ids": [ "CWE-862" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59413.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59413.json
- https://github.com/cubecart/v6/security/advisories/GHSA-869v-gjv8-9m7f
- https://nvd.nist.gov/vuln/detail/CVE-2025-59413
- https://github.com/cubecart/v6/commit/7fd1cd04f5d5c3ce1d7980327464f0ff6551de79
- https://github.com/cubecart/v6/commit/db965fcfa260c4f17eb16f8c5494e5af4a8ac271
- https://github.com/cubecart/v6/commit/dbc58cf1f7a6291f7add5893b56bff7920a29128
Affected packages
Git / github.com/cubecart/v6
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cubecart/v6
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.6.7
6.*
6.0.0
6.0.0b1
6.0.0b2
6.0.0b3
6.0.0b4
6.0.0b5
6.0.0b6
6.0.0b7
6.0.1
6.0.10
6.0.11
6.0.12
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.8
6.0.9
6.1.0
6.1.1
6.1.10
6.1.11pr
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
6.1.9
6.2.0
6.2.0-b1
6.2.0-rc1
6.2.0-rc2
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.8
6.2.9
6.4.0
6.4.0-b1
6.4.0-b2
6.4.1
6.4.10
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.4.9
6.5.0
6.5.1
6.5.10
6.5.2
6.5.3
6.5.4
6.5.5
6.5.6
6.5.8
6.5.9
v2.*
v2.6.7
v6.*
v6.0.0
v6.0.0b1
v6.0.0b2
v6.0.0b3
v6.0.0b4
v6.0.0b5
v6.0.0b6
v6.0.0b7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.8
v6.0.9
v6.1.0
v6.1.1
v6.1.10
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2.0
v6.2.0-b1
v6.2.0-rc1
v6.2.0-rc2
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.8
v6.2.9
v6.4.0
v6.4.0-b1
v6.4.0-b2
v6.4.1
v6.4.10
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5.0
v6.5.1
v6.5.10
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.8
v6.5.9