CVE-2025-13806

Опубликовано: 01 дек. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Ссылки

https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md
Broken Link
https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md#vulnerability-details-and-poc
Broken Link
https://vuldb.com/?ctiid.333816
Permissions Required
VDB Entry
https://vuldb.com/?id.333816
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.692061
Third Party Advisory
VDB Entry
https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md
Broken Link
https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.md#vulnerability-details-and-poc
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nutzam:nutzboot:*:*:*:*:*:maven:*:*

Версия до 2.6.0 (включая)

EPSS

Процентиль: 15%

0.00048

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-266

CWE-863

Связанные уязвимости

GHSA-53v5-9752-qq92

CVSS3: 7.3

github

2 месяца назад

NutzBoot Incorrect Privilege Assignment vulnerability

EPSS

Процентиль: 15%

0.00048

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-266

CWE-863