CVE-2025-6534 xxyopen/201206030 novel-plus File FileController.java remove resource injection

🗓️ 24 Jun 2025 00:31:05Reported by VulDBType

Vulnerability CVE-2025-6534 in novel-plus allows remote resource injection attack with high complexity.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-6534	24 Jun 202500:46	–	circl
CNNVD	novel-plus 安全漏洞	24 Jun 202500:00	–	cnnvd
CVE	CVE-2025-6534	24 Jun 202500:31	–	cve
EUVD	EUVD-2025-18972	3 Oct 202520:07	–	euvd
NVD	CVE-2025-6534	24 Jun 202501:15	–	nvd
Positive Technologies	PT-2025-26657 · Unknown · Novel-Plus	24 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-6534	26 Jun 202500:37	–	redhatcve
Vulnrichment	CVE-2025-6534 xxyopen/201206030 novel-plus File FileController.java remove resource injection	24 Jun 202500:31	–	vulnrichment

[
  {
    "vendor": "xxyopen",
    "product": "novel-plus",
    "versions": [
      {
        "version": "5.1.0",
        "status": "affected"
      },
      {
        "version": "5.1.1",
        "status": "affected"
      },
      {
        "version": "5.1.2",
        "status": "affected"
      },
      {
        "version": "5.1.3",
        "status": "affected"
      }
    ],
    "modules": [
      "File Handler"
    ]
  },
  {
    "vendor": "201206030",
    "product": "novel-plus",
    "versions": [
      {
        "version": "5.1.0",
        "status": "affected"
      },
      {
        "version": "5.1.1",
        "status": "affected"
      },
      {
        "version": "5.1.2",
        "status": "affected"
      },
      {
        "version": "5.1.3",
        "status": "affected"
      }
    ],
    "modules": [
      "File Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
blog	www.blog.0xd00.com/blog/missing-authorization-leads-to-arbitrary-file-deletion
blog	www.blog.0xd00.com/blog/missing-authorization-leads-to-arbitrary-file-deletion
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

24 Jun 2025 00:31Current

CVSS 42.3

CVSS 23.6

CVSS 3.14.2

CVSS 34.2

EPSS0.00465

CWE-99