CVE-2025-15141 – Halo Configuration actuator information disclosure

CVE ID : CVE-2025-15141

Published : Dec. 28, 2025, 3:15 p.m. | 1 hour, 7 minutes ago

Description : A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-15152 – h-moses moga-mall PmsProductController.java addProduct unrestricted upload

CVE-2025-15151 – TaleLin Lin-CMS Tests Folder config.py password in configuration file

CVE-2025-15150 – PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow

CVE-2025-15149 – rawchen ecms Add New Product updateProductServlet.java updateProductServlet cross site scripting