PT-2025-18060 · Unknown · Novel-Plus

Aibot88 · Published 2025-04-28 · Updated 2025-10-17 · CVE-2025-4015

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Novel-Plus versions 20120630 through 0e156c04b4b7ce0563bef6c97af4476fcda8f160

Description

A critical issue has been found in the function list in the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The issue is a missing authentication check, and it can be exploited remotely. The exploit has been publicly disclosed. The vendor was contacted prior to disclosure but did not respond.

Recommendations

For Novel-Plus versions 20120630 through 0e156c04b4b7ce0563bef6c97af4476fcda8f160, as a temporary workaround, consider disabling SessionController.java until a patch is available. Restrict access to the list function of SessionController.java to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · Missing Authentication · Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-4015

Affected Products: Novel-Plus