CVE-2025-13806 – nutzam NutzBoot Transaction API EthModule.java improper authorization

CVE ID : CVE-2025-13806

Published : Dec. 1, 2025, 5:16 a.m. | 1 hour, 9 minutes ago

Description : A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-13809 – orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

CVE-2025-13808 – orionsec orion-ops User Profile UserController.java update improper authorization

CVE-2025-13807 – orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization

CVE-2025-13805 – nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization