CVE-2025-4017

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 28, 2025

Updated: Apr 29, 2025

CWE ID 285

CWE ID 266

Summary

CVE-2025-4017 is a recently disclosed vulnerability affecting Novel-Plus versions up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue lies in the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. Manipulation of this function results in improper authorization, allowing remote attackers to exploit the system. The vulnerability has been made public, increasing the risk of exploitation. Despite early disclosure, the vendor has not responded to reports about this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/5kp34S
https://www.cve.org/CVERecord?id=CVE-2025-4017
https://nvd.nist.gov/vuln/detail/CVE-2025-4017

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-4017

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations