CVE-2025-15106

🗓️ 27 Dec 2025 10:32:05Reported by VulDBType

CVE-2025-15106 allows improper authorization via the authentication endpoint router.get in getmaxun version 0.0.28.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-15106	27 Dec 202514:18	–	circl
CNNVD	Maxun 授权问题漏洞	27 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization	27 Dec 202510:32	–	cvelist
EUVD	EUVD-2025-205474	27 Dec 202512:30	–	euvd
NVD	CVE-2025-15106	27 Dec 202511:15	–	nvd
Positive Technologies	PT-2025-53618	27 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-15106	29 Dec 202505:54	–	redhatcve
Vulnrichment	CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization	27 Dec 202510:32	–	vulnrichment

NVD

Vulners

Node

maxun maxunRange≤0.0.28

[
  {
    "vendor": "getmaxun",
    "product": "maxun",
    "versions": [
      {
        "version": "0.0.1",
        "status": "affected"
      },
      {
        "version": "0.0.2",
        "status": "affected"
      },
      {
        "version": "0.0.3",
        "status": "affected"
      },
      {
        "version": "0.0.4",
        "status": "affected"
      },
      {
        "version": "0.0.5",
        "status": "affected"
      },
      {
        "version": "0.0.6",
        "status": "affected"
      },
      {
        "version": "0.0.7",
        "status": "affected"
      },
      {
        "version": "0.0.8",
        "status": "affected"
      },
      {
        "version": "0.0.9",
        "status": "affected"
      },
      {
        "version": "0.0.10",
        "status": "affected"
      },
      {
        "version": "0.0.11",
        "status": "affected"
      },
      {
        "version": "0.0.12",
        "status": "affected"
      },
      {
        "version": "0.0.13",
        "status": "affected"
      },
      {
        "version": "0.0.14",
        "status": "affected"
      },
      {
        "version": "0.0.15",
        "status": "affected"
      },
      {
        "version": "0.0.16",
        "status": "affected"
      },
      {
        "version": "0.0.17",
        "status": "affected"
      },
      {
        "version": "0.0.18",
        "status": "affected"
      },
      {
        "version": "0.0.19",
        "status": "affected"
      },
      {
        "version": "0.0.20",
        "status": "affected"
      },
      {
        "version": "0.0.21",
        "status": "affected"
      },
      {
        "version": "0.0.22",
        "status": "affected"
      },
      {
        "version": "0.0.23",
        "status": "affected"
      },
      {
        "version": "0.0.24",
        "status": "affected"
      },
      {
        "version": "0.0.25",
        "status": "affected"
      },
      {
        "version": "0.0.26",
        "status": "affected"
      },
      {
        "version": "0.0.27",
        "status": "affected"
      },
      {
        "version": "0.0.28",
        "status": "affected"
      }
    ],
    "modules": [
      "Authentication Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
gist	www.gist.github.com/H2u8s/1a0bdb19d5c8c8f4dc72cb49ffe9a22b
vuldb	www.vuldb.com/

29 Apr 2026 01:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.14.3 - 6.3

CVSS 45.3

CVSS 26.5

CVSS 36.3

EPSS0.00081

SSVC

authentication endpoint router get getmaxun improper authorization remote exploit public exploit version 0.0.28