CVE-2025-15141

Name of the Vulnerable Software and Affected Versions Halo versions up to 2.21.10

Description A flaw exists in Halo, specifically within the Configuration Handler component. This issue involves the processing of the /actuator file and can lead to information disclosure. The attack can be carried out remotely and is considered to be of high complexity with difficult exploitability. The exploit for this issue has been publicly disclosed. The vendor was informed about the disclosure but did not provide a response.

API Endpoints /actuator

Recommendations Versions prior to 2.21.10 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.