CVE-2025-15106 | getmaxun up to 0.0.28 Authentication Endpoint auth.ts router.get improper authorization

Inserito da Angelo Barbosa | Dic 26, 2025 | CVE

A vulnerability described as critical has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization.

This vulnerability is handled as CVE-2025-15106. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15106 | getmaxun up to 0.0.28 Authentication Endpoint auth.ts router.get improper authorization

Post correlati

CVE-2025-14711 | FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0 hotelList.php pickedHotelName/type sql injection

CVE-2025-29840 | Microsoft

CVE-2024-27567 | LBT T300-T390 2.2.1.8 HTTP POST Request config_vpn_pptp vpn_client_ip stack-based overflow

CVE-2024-24112 | xmall 1.1 orderDir sql injection (Issue 78)