Vulnerabilities

CVE-2025-15135 - joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAut...

2025-12-28 0 views admin

CVE ID : CVE-2025-15135 Published : Dec. 28, 2025, 12:15 p.m. | 1 hour, 17 minutes ago Description : A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 4.0.0 will fix this issue. It is recommended to upgrade the affected component. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15135

Severity

MEDIUM

Published

Dec. 28, 2025

Affected Product: java

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15135mediumjava

CVE-2025-15135 - joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAut...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15134 - yourmaileyes MOOC Submission MainController.java subreview cross site scripting

CVE-2025-15137 - TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934 command injection

CVE-2025-15136 - TRENDnet TEW-800MB Management wizardset do_setWizard_asp command injection

CVE-2025-15130 - shanyu SyCms Administrative Panel FileManageController.class.php addPost code in...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting