PT-2025-53617 · Getmaxun · Getmaxun

28Hus · Published 2025-12-27 · Updated 2025-12-27 · CVE-2025-15105

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: getmaxun versions up to 0.0.28

Description: A security flaw exists in getmaxun maxun up to version 0.0.28. The issue involves manipulation of the api key argument within an unknown function located in the file '/getmaxun/maxun/blob/develop/server/src/routes/auth.ts', leading to the use of a hard-coded cryptographic key. Remote exploitation is possible, but is considered difficult due to the high complexity. The exploit has been publicly released. The vendor was contacted but did not respond.

Recommendations: Versions prior to 0.0.28 should be used.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2025-15105

Affected Products

Getmaxun