OpenCart SRCCHandler Race Condition CVE-2025-15116 (4.1.0.3)
CVE-2025-15116 Published on December 28, 2025
OpenCart Single-Use Coupon race condition
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 13 days later.
Weakness Type
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2025-15116 has been classified to as a Race Condition vulnerability or weakness.
Products Associated with CVE-2025-15116
Want to know whenever a new CVE is published for Opencart? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.