CVE-2025-15106 – CVE-2025-15106 is an improper authorization vul... (How to Fix)

Q: What is the severity of CVE-2025-15106?

CVE-2025-15106 has a CVSS score of 6.3 (MEDIUM). CVE-2025-15106 is an improper authorization vulnerability in getmaxun maxun's authentication endpoint that allows attackers to bypass authorization controls remotely. This affects systems running getmaxun maxun up to version 0.0.28. The vulnerability is in the router.get function of the authentication component.

📋 TL;DR

CVE-2025-15106 is an improper authorization vulnerability in getmaxun maxun's authentication endpoint that allows attackers to bypass authorization controls remotely. This affects systems running getmaxun maxun up to version 0.0.28. The vulnerability is in the router.get function of the authentication component.

💻 Affected Systems

Products:

getmaxun maxun

Versions: up to 0.0.28

Operating Systems: all

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the authentication endpoint specifically; any deployment using the vulnerable component is affected

📦 What is this software?

Maxun by Maxun

View all CVEs affecting Maxun →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through unauthorized access to administrative functions or sensitive data

🟠

Likely Case

Unauthorized access to user accounts, privilege escalation, or data exposure

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring detecting unauthorized access attempts

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in the provided references; remote exploitation is possible

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: none

Restart Required: Yes

Instructions:

No official patch available. Consider upgrading to any version above 0.0.28 if released, or apply workarounds.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to the authentication endpoint using firewall rules or network segmentation

Authentication Bypass Monitoring

all

Implement additional authentication checks or monitoring for unauthorized access patterns

🧯 If You Can't Patch

Implement strict network segmentation to isolate the vulnerable component
Deploy web application firewall (WAF) rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if getmaxun maxun version is 0.0.28 or earlier by examining package.json or running version check command

Check Version:

Check package.json for version or run application with --version flag

Verify Fix Applied:

Verify version is above 0.0.28 and test authentication endpoint for proper authorization

📡 Detection & Monitoring

Log Indicators:

Unusual authentication attempts
Access to protected routes without proper credentials
Failed authorization logs followed by successful access

Network Indicators:

Unusual traffic patterns to /auth endpoint
Requests bypassing expected authentication flows

SIEM Query:

source="auth_endpoint" AND (status="200" OR status="302") AND NOT (user_authenticated="true")

📊 Metadata

CVE ID: CVE-2025-15106

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-266

EPSS Score: 0.15% exploit probability (35.9th percentile)

Published: December 27, 2025

Last Updated: December 31, 2025

🔗 References

https://gist.github.com/H2u8s/1a0bdb19d5c8c8f4dc72cb49ffe9a22b Exploit
https://vuldb.com/?ctiid.338477 Permissions Required,VDB Entry
https://vuldb.com/?id.338477 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.710268 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15106, you might also want to check these: