CVE-2025-4015 | 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SessionController.java list missing authentication
A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been classified as critical. The affected element is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. This manipulation causes missing authentication.
This vulnerability is tracked as CVE-2025-4015. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.