CVE-2025-15105 | getmaxun up to 0.0.28 auth.ts api_key hard-coded key

A vulnerability marked as critical has been reported in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument api_key results in use of hard-coded cryptographic key
.

This vulnerability is known as CVE-2025-15105. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15105 | getmaxun up to 0.0.28 auth.ts api_key hard-coded key

Post correlati

CVE-2021-46969 | Linux Kernel up to 5.12.2 mhi mhi_queue use after free (a99b661c3187/0ecc1c70dcd3)

CVE-2024-49650 | xarbo BuddyPress Greeting Message Plugin up to 1.0.3 on WordPress cross site scripting

CVE-2024-23784 | Sharp Energy Management Controller with Cloud Services up to B0.1.9.1 access control

CVE-2024-9155 | Mattermost up to 9.5.8/9.9.2/9.10.1 Channel authorization