CVE-2025-15106

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-15106

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15106.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-15106

Published

2025-12-27T11:15:51.550Z

Modified

2026-03-14T15:01:55.834317Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/getmaxun/maxun

Affected ranges

Type

GIT

Repo

https://github.com/getmaxun/maxun

Events

Introduced

Last affected

7d0ab5f32d777a0f62f83dce4e7cf1ed961ab527

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.0.28"
        }
    ]
}

Affected versions

hotfix-0.*

hotfix-0.0.3

v0.*

v0.0.01

v0.0.10

v0.0.11

v0.0.12

v0.0.13

v0.0.14

v0.0.15

v0.0.16

v0.0.17

v0.0.18

v0.0.19

v0.0.2

v0.0.21

v0.0.22

v0.0.23

v0.0.24

v0.0.25

v0.0.26

v0.0.27

v0.0.28

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15106.json"