CVE-2025-15141 | Halo up to 2.21.10 Configuration /actuator information disclosure

A vulnerability described as problematic has been identified in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure.

This vulnerability appears as CVE-2025-15141. The attack may be performed from remote. In addition, an exploit is available.

The application of restrictive firewalling is recommended.

The vendor was contacted early about this disclosure but did not respond in any way. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

CVE-2025-15141 | Halo up to 2.21.10 Configuration /actuator information disclosure

Post correlati

CVE-2025-26569 | callmeforsox Post Thumbs Plugin up to 1.5 on WordPress cross-site request forgery

CVE-2024-26588 | Linux Kernel up to 6.0/6.1.74/6.6.13/6.7.1 BPF out-of-bounds

CVE-2025-48340 | Danny Vink User Profile Meta Manager Plugin up to 1.02 on WordPress cross-site request forgery

CVE-2025-1595 | Anhui Xufan Information Technology EasyCVR up to 2.7.0 /api/v1/getbaseconfig information disclosure