Which versions of GrandNode are affected by CVE-2025-10216?

CVE-2025-10216 is a low-severity vulnerability in GrandNode (CVSS 2.1). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

How to fix or mitigate CVE-2025-10216?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

GrandNode CVE-2025-10216

Q: What is the CVSS score of CVE-2025-10216?

CVE-2025-10216 has a CVSS 4.0 base score of 1.2 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Race Condition (CWE-362)

2025-09-10 cna@vuldb.com

Information Disclosure Race Condition

1.2

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

2.1 (LOW) 1.2 (LOW)

Analysis Generated

Mar 28, 2026 - 19:11 vuln.today

CVE Published

Sep 10, 2025 - 21:15 nvd

LOW 2.1

DescriptionNVD

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A vulnerability was detected in GrandNode up to 2.3.0. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-362. A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way. Version information: up to 2.3.0..

Affected ProductsAI

GrandNode up to 2.3.0. The impacted element.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-10216 vulnerability details – vuln.today

Back