PT-2025-48410 · Nutzam · Nutzboot
Sh7Err03 · Published 2025-12-01 · Updated 2025-12-30 · CVE-2025-13806
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
nutzam NutzBoot versions up to 2.6.0-SNAPSHOT
Description
A security issue exists in nutzam NutzBoot related to improper authorization within the Transaction API. The issue stems from manipulation of the from, to, and wei arguments in an unknown function within the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java. Remote exploitation is possible, and the exploit has been publicly disclosed.
Recommendations
Versions prior to 2.6.0-SNAPSHOT should be used.
Exploit
Fix
Incorrect Authorization
Incorrect Privilege Assignment
Improper Authorization
Related Identifiers
Affected Products
Nutzboot