CVE-2025-4036 | 201206030 Novel 3.5.0 Chapter AuthorController.java updateBookChapter access control

A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access controls.

The identification of this vulnerability is CVE-2025-4036. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4036 | 201206030 Novel 3.5.0 Chapter AuthorController.java updateBookChapter access control

Post correlati

CVE-2024-29316 | NodeBB 3.6.7 access control

CVE-2024-34201 | Totolink CP450 4.1.0cu.747_B20191224 getSaveConfig stack-based overflow

CVE-2024-37275 | NextScripts Plugin up to 4.4.6 on WordPress cross site scripting

CVE-2024-23741 | Hyper up to 3.4.1 on macOS Setting RunAsNode/enableNodeClilnspectArguments Privilege Escalation