PT-2025-53650 · Joey Zhou · Xiaozhi-Esp32-Server-Java
Zzdzz · Published 2025-12-28 · Updated 2025-12-28 · CVE-2025-15135
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
joey-zhou xiaozhi-esp32-server-java versions up to 3.0.0
Description
A flaw exists in the Cookie Handler component’s tryAuthenticateWithCookies() function within the AuthenticationInterceptor.java file. Manipulation of this function can result in improper authentication. This issue is remotely exploitable, and details of the exploit are publicly available.
Recommendations
Upgrade to version 4.0.0.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Xiaozhi-Esp32-Server-Java