Home > Vulnerability Database > CVE-2025-6534

Mend.io Vulnerability Database

CVE-2025-6534

Date: June 23, 2025

A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

5.9

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6534

Url: https://vuldb.com/?submit.596505

Url: https://blog.0xd00.com/blog/missing-authorization-leads-to-arbitrary-file-deletion#poc

Url: https://blog.0xd00.com/blog/missing-authorization-leads-to-arbitrary-file-deletion

Url: https://vuldb.com/?ctiid.313653

Url: https://vuldb.com/?id.313653

Url: https://www.mend.io/vulnerability-database/CVE-2025-6534

Severity Score

5.9

Weakness Type (CWE)

Improper Control of Resource Identifiers ('Resource Injection')

CWE-99

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6534

Date: June 23, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?