CVE-2025-0974

MEDIUM 5.0

MaxD Lightning Module deserialization

CVSS Score

5.0

EPSS Score

0.0%

EPSS Percentile

7th

A vulnerability was determined in MaxD Lightning Module 4.43/4.44 on OpenCart. This issue affects some unknown processing. Executing a manipulation of the argument li_op/md can lead to deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. Upgrading to version 4.45 is capable of addressing this issue. Upgrading the affected component is advised.

CWE	CWE-502 CWE-20
Vendor	maxd
Product	lightning module
Published	Feb 3, 2025
Last Updated	Apr 19, 2026

Stay Ahead of the Next One

Get instant alerts for maxd lightning module

Be the first to know when new medium vulnerabilities affecting maxd lightning module are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

MaxD / Lightning Module

4.43 4.44

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/294365 vuldb.com: https://vuldb.com/vuln/294365/cti vuldb.com: https://vuldb.com/submit/489672 gist.github.com: https://gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e lightning.devs.mx: https://lightning.devs.mx/download

Credits

🔍 mcdruid (VulDB User)