Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for by TaleLin

CVE-2025-15151 (GCVE-0-2025-15151)

Vulnerability from cvelistv5

Published

2025-12-28 19:32

Modified

2025-12-29 15:52

Severity ?

2.9 (Low) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RC:R
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RC:R

CWE

CWE-260 - Password in Configuration File
CWE-255 - Credentials Management

Summary

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been publicly disclosed and may be utilized.

References

URL

Tags

	https://vuldb.com/?id.338528	vdb-entry, technical-description
	https://vuldb.com/?ctiid.338528	signature, permissions-required
	https://vuldb.com/?submit.721893	third-party-advisory
	https://github.com/m3ngx1ng/cve/blob/4690d4020a4a642af4c50912f762937292228641/lin-cms.md	exploit

Impacted products

	Vendor	Product	Version
	TaleLin	Lin-CMS	Version: 0.1 Version: 0.2 Version: 0.3 Version: 0.4 Version: 0.5 Version: 0.6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15151",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-29T15:52:31.792317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-29T15:52:38.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Tests Folder"
          ],
          "product": "Lin-CMS",
          "vendor": "TaleLin",
          "versions": [
            {
              "status": "affected",
              "version": "0.1"
            },
            {
              "status": "affected",
              "version": "0.2"
            },
            {
              "status": "affected",
              "version": "0.3"
            },
            {
              "status": "affected",
              "version": "0.4"
            },
            {
              "status": "affected",
              "version": "0.5"
            },
            {
              "status": "affected",
              "version": "0.6.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "m3x1 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-255",
              "description": "Credentials Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-28T19:32:05.944Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-338528 | TaleLin Lin-CMS Tests Folder config.py password in configuration file",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.338528"
        },
        {
          "name": "VDB-338528 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.338528"
        },
        {
          "name": "Submit #721893 | https://doc.cms.talelin.com/ Lin-CMS 0.6.0 weak password",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.721893"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/m3ngx1ng/cve/blob/4690d4020a4a642af4c50912f762937292228641/lin-cms.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-27T15:00:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TaleLin Lin-CMS Tests Folder config.py password in configuration file"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15151",
    "datePublished": "2025-12-28T19:32:05.944Z",
    "dateReserved": "2025-12-27T13:55:00.561Z",
    "dateUpdated": "2025-12-29T15:52:38.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}