{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6533", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-23T14:32:23.248Z", "datePublished": "2025-06-24T00:00:12.882Z", "dateUpdated": "2025-06-25T15:02:40.680Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-24T00:00:12.882Z"}, "title": "xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-294", "lang": "en", "description": "Authentication Bypass by Capture-replay"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}], "affected": [{"vendor": "xxyopen", "product": "novel-plus", "versions": [{"version": "5.1.0", "status": "affected"}, {"version": "5.1.1", "status": "affected"}, {"version": "5.1.2", "status": "affected"}, {"version": "5.1.3", "status": "affected"}], "modules": ["CATCHA Handler"]}, {"vendor": "201206030", "product": "novel-plus", "versions": [{"version": "5.1.0", "status": "affected"}, {"version": "5.1.1", "status": "affected"}, {"version": "5.1.2", "status": "affected"}, {"version": "5.1.3", "status": "affected"}], "modules": ["CATCHA Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in xxyopen/201206030 novel-plus bis 5.1.3 entdeckt. Dies betrifft die Funktion ajaxLogin der Datei novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java der Komponente CATCHA Handler. Durch das Beeinflussen mit unbekannten Daten kann eine authentication bypass by capture-replay-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-23T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-23T16:37:35.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "bpy9ft (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.313652", "name": "VDB-313652 | xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.313652", "name": "VDB-313652 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.596481", "name": "Submit #596481 | xxyopen novel-plus 5.1.3 Improper Restriction of Excessive Authentication Attempts", "tags": ["third-party-advisory"]}, {"url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass", "tags": ["related"]}, {"url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass#poc", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T14:53:09.187955Z", "id": "CVE-2025-6533", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T15:02:40.680Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6533", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-25T14:53:09.187955Z"}}}], "references": [{"url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T14:53:27.308Z"}}], "cna": {"title": "xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay", "credits": [{"lang": "en", "type": "reporter", "value": "bpy9ft (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "xxyopen", "modules": ["CATCHA Handler"], "product": "novel-plus", "versions": [{"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "5.1.1"}, {"status": "affected", "version": "5.1.2"}, {"status": "affected", "version": "5.1.3"}]}, {"vendor": "201206030", "modules": ["CATCHA Handler"], "product": "novel-plus", "versions": [{"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "5.1.1"}, {"status": "affected", "version": "5.1.2"}, {"status": "affected", "version": "5.1.3"}]}], "timeline": [{"lang": "en", "time": "2025-06-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-23T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-23T16:37:35.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.313652", "name": "VDB-313652 | xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.313652", "name": "VDB-313652 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.596481", "name": "Submit #596481 | xxyopen novel-plus 5.1.3 Improper Restriction of Excessive Authentication Attempts", "tags": ["third-party-advisory"]}, {"url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass", "tags": ["related"]}, {"url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass#poc", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in xxyopen/201206030 novel-plus bis 5.1.3 entdeckt. Dies betrifft die Funktion ajaxLogin der Datei novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java der Komponente CATCHA Handler. Durch das Beeinflussen mit unbekannten Daten kann eine authentication bypass by capture-replay-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "Authentication Bypass by Capture-replay"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-24T00:00:12.882Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6533", "state": "PUBLISHED", "dateUpdated": "2025-06-25T15:02:40.680Z", "dateReserved": "2025-06-23T14:32:23.248Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-24T00:00:12.882Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "9203E639-350D-4668-ABF3-48BBF122D055", "versionEndIncluding": "5.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en xxyopen/201206030 novel-plus hasta la versi\u00f3n 5.1.3. Este problema afecta a la funci\u00f3n ajaxLogin del archivo novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java del componente CATCHA Handler. La manipulaci\u00f3n permite eludir la autenticaci\u00f3n mediante captura y repetici\u00f3n. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-6533", "lastModified": "2025-10-01T19:48:18.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-24T00:15:26.397", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass#poc"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.313652"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.313652"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.596481"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.0xd00.com/blog/captcha-replay-attack-lead-to-brute-force-protection-bypass"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-294"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}