CVE-2025-15141

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-15141

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15141.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-15141

Published

2025-12-28T15:15:41.813Z

Modified

2026-03-15T22:51:03.280900Z

Severity

1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/halo-dev/halo

Affected ranges

Type

GIT

Repo

https://github.com/halo-dev/halo

Events

Introduced

Last affected

d57c4d8070de0972d2e5a8cb3c37889e99b51a03

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.21.10"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.1

v0.1.1

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v1.*

v1.0.0

v1.0.0-beta.2

v1.0.0-beta.3

v1.0.0-beta.4

v1.0.0-beta.5

v1.0.0-beta.6

v1.0.0-beta.7

v1.0.0-beta.8

v1.0.0-beta.9

v1.0.1

v1.0.2

v1.0.2-beta.1

v1.0.3

v1.1.0

v1.1.0-beta.1

v1.1.0-beta.2

v1.1.0-beta.3

v1.1.1

v1.1.3-beta.1

v1.1.3-beta.2

v1.2.0

v1.2.0-beta.1

v1.2.0-beta.2

v1.2.0-beta.3

v1.2.0-beta.4

v1.2.0-beta.5

v1.3.0

v1.3.0-beta.1

v1.3.0-beta.2

v1.3.0-beta.3

v1.3.0-beta.4

v1.3.1

v1.3.2

v1.4.0

v1.4.0-beta.1

v1.4.0-beta.2

v1.4.0-beta.3

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.13

v1.4.2

v1.4.3

v1.4.3-beta.1

v1.4.3-beta.2

v1.4.3-beta.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.7-beta.1

v1.4.8

v1.4.9

v1.5.0-alpha.1

v2.*

v2.0.0

v2.0.0-alpha.1

v2.0.0-alpha.2

v2.0.0-alpha.3

v2.0.0-alpha.4

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-rc.1

v2.0.0-rc.2

v2.1.0

v2.1.0-rc.1

v2.10.0

v2.10.0-alpha.1

v2.10.0-beta.1

v2.11.0

v2.11.0-rc.1

v2.11.0-rc.2

v2.12.0

v2.12.0-alpha.1

v2.12.0-alpha.2

v2.12.0-beta.1

v2.12.0-beta.2

v2.12.0-rc.1

v2.12.0-rc.2

v2.12.3

v2.13.0

v2.13.0-rc.1

v2.14.0

v2.14.0-rc.1

v2.15.0

v2.15.0-rc.1

v2.16.0

v2.16.0-rc.1

v2.16.0-rc.2

v2.17.0

v2.17.0-alpha.1

v2.17.0-alpha.2

v2.17.0-beta.1

v2.17.0-rc.1

v2.18.0

v2.18.0-rc.1

v2.19.0

v2.19.0-rc.1

v2.19.0-rc.2

v2.19.0-rc.3

v2.19.0-rc.4

v2.2.0

v2.20.0

v2.20.0-rc.1

v2.20.0-rc.2

v2.20.1

v2.20.10

v2.20.11

v2.20.12

v2.20.13

v2.20.14

v2.20.15

v2.20.16

v2.20.17

v2.20.18

v2.20.19

v2.20.2

v2.20.20

v2.20.21

v2.20.3

v2.20.4

v2.20.5

v2.20.6

v2.20.7

v2.20.8

v2.20.9

v2.21.0

v2.21.0-alpha.1

v2.21.0-alpha.2

v2.21.0-beta.1

v2.21.0-beta.2

v2.21.1

v2.21.10

v2.21.2

v2.21.3

v2.21.4

v2.21.5

v2.21.6

v2.21.7

v2.21.8

v2.21.9

v2.3.0

v2.3.0-rc.1

v2.4.0

v2.4.0-rc.1

v2.5.0

v2.5.0-rc.1

v2.5.0-rc.2

v2.5.1

v2.6.0

v2.6.0-rc.1

v2.7.0

v2.7.0-rc.1

v2.7.0-rc.2

v2.8.0

v2.8.0-rc.1

v2.8.0-rc.2

v2.9.0

v2.9.0-rc.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15141.json"