The vulnerability CVE-2025-48128 in Sharespine Woocommerce Connector arises from missing authorization checks, allowing exploitation of incorrectly configured access control security levels. This affects versions up to and including 4.7.55. The CVSS 3.1 score is 4.3 (medium), reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or availability impact, but limited integrity impact. No patch or vendor advisory is currently provided, and no known exploits have been observed.

An attacker with low privileges can exploit this vulnerability to perform unauthorized actions that impact data integrity within the affected Sharespine Woocommerce Connector. There is no impact on confidentiality or availability reported. No known exploitation in the wild has been documented.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, review and tighten access control configurations in the Sharespine Woocommerce Connector to limit unauthorized actions. Monitor for vendor updates regarding patches or official mitigations.