Home > Vulnerability Database > CVE-2025-15105

Mend.io Vulnerability Database

CVE-2025-15105

Good to know:

Date: December 27, 2025

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument api_key results in use of hard-coded cryptographic key . Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

5.9

Related Resources (6)

Url: https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcfbdf3cd6

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-15105

Url: https://vuldb.com/?submit.710256

Url: https://vuldb.com/?id.338476

Url: https://vuldb.com/?ctiid.338476

Url: https://www.mend.io/vulnerability-database/CVE-2025-15105

Severity Score

5.9

Weakness Type (CWE)

Key Management Errors

CWE-320

Use of Hard-coded Credentials

CWE-798

Use of Hard-coded Cryptographic Key

CWE-321

Top Fix

Upgrade Version

Upgrade to version https://github.com/getmaxun/maxun.git - v0.0.29

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-15105

Good to know:

Date: December 27, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?