CVE-2025-4016 – Novel-Plus LogController Java Remote Authorization Bypass

April 28, 2025

CVE ID : CVE-2025-4016

Published : April 28, 2025, 11:15 a.m. | 1 hour, 14 minutes ago

Description : A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4017 – Novel-Plus LogController Java Unauthenticated Remote Authorization Bypass

Next Article CVE-2025-4015 – Novel-Plus SessionController Missing Authentication Remote Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-4016 – Novel-Plus LogController Java Remote Authorization Bypass

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24

CVE-2025-46634 – Tenda RX2 Pro Password Hash Replay Vulnerability

CVE-2025-4117 – Netgear JWNR2000 Buffer Overflow Vulnerability

CVE-2025-3623 – WordPress Uncanny Automator PHP Object Injection Vulnerability

Evaluating social and ethical risks from generative AI

CVE-2025-43016 – JetBrains Rider Unvalidated Archive Unpacking Vulnerability

Collaboration: The Most Underrated UX Skill No One Talks About

LightOn AI Released GTE-ModernColBERT-v1: A Scalable Token-Level Semantic Search Model for Long-Document Retrieval and Benchmark-Leading Performance

Rethinking Research Reporting: A 5-Step Guide for UXRs

CVE-2025-4016 – Novel-Plus LogController Java Remote Authorization Bypass

Related Posts