PT-2025-26657 · Unknown · Novel-Plus

Bpy9Ft · Published 2025-06-24 · Updated 2025-07-09 · CVE-2025-6534

CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: xxyopen/201206030 novel-plus versions through 5.1.3
Description: A problematic issue exists due to improper control of resource identifiers. This issue affects the remove function within the novel-admin/src/main/java/com/java2nb/common/controller/FileController.java file of the File Handler component. The attack can be initiated remotely and is considered to have high complexity and difficult exploitability. The exploit for this issue has been publicly disclosed. The vendor was informed of the disclosure but did not respond.
Recommendations: Versions prior to 5.1.4 should be used. As a temporary workaround, consider disabling the remove function until a patch is available.

Exploit · Fix · IDOR

Related Identifiers: CVE-2025-6534
Affected Products: Novel-Plus