CVE-2025-1749

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Feb 28, 2025

CWE ID 79

Summary

CVE-2025-1749 is a critical HTML injection vulnerability affecting OpenCart versions below 4.1.0. An attacker can exploit this flaw by sending a malicious URL and manipulating the parameter name in the /account/voucher section. Successful exploitation enables an attacker to alter the HTML displayed in the victim's browser, potentially leading to data theft or unauthorized actions. This vulnerability poses a significant risk to websites running unpatched OpenCart versions and requires immediate attention and patch application.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenCart

Affected Vendors

OpenCart Ltd.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3yYNKH
https://www.cve.org/CVERecord?id=CVE-2025-1749
https://nvd.nist.gov/vuln/detail/CVE-2025-1749

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners