CVE-2025-13806

7.3 HIGH

📋 TL;DR

This vulnerability allows unauthorized Ethereum transactions through NutzBoot's Transaction API. Because the endpoint performs no authorization check, an attacker can set the 'from', 'to' and 'wei' (amount) parameters freely and trigger transfers. Systems running NutzBoot up to and including version 2.6.0-SNAPSHOT with the vulnerable EthModule component are affected.

💻 Affected Systems

Products:
  • nutzam NutzBoot
Versions: Up to and including 2.6.0-SNAPSHOT
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the vulnerable EthModule component in the nutzboot-demo-simple-web3j module.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of Ethereum funds from vulnerable wallets, unauthorized transfers to attacker-controlled addresses, and potential knock-on losses if the vulnerable component is used in financial applications.

🟠 Likely Case

Unauthorized transfer of Ethereum funds from vulnerable wallets to attacker addresses, with the amount limited by available wallet balances.

🟢 If Mitigated

No impact if proper network segmentation, API authentication, and transaction signing controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available in GitHub repositories, making exploitation straightforward for attackers with network access to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Upgrade to a release newer than 2.6.0-SNAPSHOT once one is published, or apply the workarounds below.

🔧 Temporary Workarounds

Disable vulnerable EthModule

Applies to: all

Remove or disable the nutzboot-demo-simple-web3j module containing the vulnerable EthModule.java file.

  • Remove or comment out EthModule.java from your project
  • Disable web3j integration if it is not required

Implement API authentication

Applies to: all

Add authentication and authorization checks to all Transaction API endpoints.

  • Implement JWT or API key authentication
  • Add role-based access controls to transaction endpoints

🧯 If You Can't Patch

  • Network segmentation: Isolate the vulnerable component from internet access and restrict to internal networks only
  • Implement Web Application Firewall (WAF) rules to block suspicious transaction patterns and parameter manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether your project includes the nutzboot-demo-simple-web3j module and the EthModule.java file, and verify that the NutzBoot version is 2.6.0-SNAPSHOT or earlier.

Check Version:

Check pom.xml or build.gradle for the NutzBoot version, or run: java -jar your-app.jar --version

Verify Fix Applied:

Test transaction endpoints with unauthorized requests to ensure proper authentication and authorization checks are in place.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized transaction attempts
  • Failed authentication on transaction endpoints
  • Unusual from/to address patterns in transaction logs

Network Indicators:

  • HTTP requests to transaction endpoints without authentication headers
  • Unusual transaction patterns or amounts

SIEM Query:

source="application.logs" AND ("EthModule" OR "transaction" OR "transfer") AND (status="401" OR status="403")
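Detection logic for the indicators above, run over constructed sample log lines, as an added example that is not from the page or from the NutzBoot project; the log line format and the /eth/transfer endpoint path are assumptions, so adapt both to your deployment's access logs:

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real NutzBoot output). Each line records the
# client IP, method, path, the transfer parameters, the HTTP status and whether
# an Authorization header was present ("auth=none" means no header at all).
SAMPLE_LOGS = [
    "203.0.113.5 POST /eth/transfer from=0xA1 to=0xF1 wei=500000 status=200 auth=none",
    "203.0.113.5 POST /eth/transfer from=0xA2 to=0xF1 wei=700000 status=200 auth=none",
    "203.0.113.5 POST /eth/transfer from=0xA3 to=0xF1 wei=100000 status=200 auth=none",
    "198.51.100.9 POST /eth/transfer from=0xB1 to=0xC1 wei=1000 status=200 auth=bearer",
    "203.0.113.7 POST /eth/transfer from=0xB2 to=0xC2 wei=1000 status=401 auth=none",
    "198.51.100.9 GET /health status=200 auth=none",
]

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+)"
    r"(?: from=(?P<frm>\S+) to=(?P<to>\S+) wei=(?P<wei>\d+))?"
    r" status=(?P<status>\d{3}) auth=(?P<auth>\S+)$"
)
TRANSFER_PATH = "/eth/transfer"  # assumed path; match your EthModule mapping

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def transfers(lines):
    """All parsed lines that hit the transaction endpoint."""
    return [e for e in map(parse, lines) if e and e["path"] == TRANSFER_PATH]

def unauthenticated_transfers(lines):
    """Network indicator: transfer requests sent with no authentication header."""
    return [e for e in transfers(lines) if e["auth"] == "none"]

def auth_failures(lines):
    """Log indicator matching the SIEM query: transfer requests answered 401/403."""
    return [e for e in transfers(lines) if e["status"] in ("401", "403")]

def drain_targets(lines, min_sources=3):
    """'to' addresses fed by many distinct 'from' wallets: the draining pattern
    expected when an unauthenticated endpoint lets an attacker pick 'from'."""
    sources = defaultdict(set)
    for e in transfers(lines):
        sources[e["to"]].add(e["frm"])
    return {to: sorted(s) for to, s in sources.items() if len(s) >= min_sources}

if __name__ == "__main__":
    for e in unauthenticated_transfers(SAMPLE_LOGS):
        print("unauthenticated transfer:", e["ip"], e["frm"], "->", e["to"], e["wei"], "wei")
    print("suspected drain targets:", drain_targets(SAMPLE_LOGS))
```

A successful (2xx) entry in the unauthenticated list is the strongest sign that the endpoint accepted a transfer without any check, which is exactly the condition this advisory describes.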
