CVE-2025-6533
BaseFortify
Publication date: 2025-06-24
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xxyopen | novel-plus | up to 5.1.3 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6533 is a vulnerability in the novel-plus application (up to version 5.1.3) affecting the ajaxLogin function. The issue is a Captcha Replay Attack caused by the application validating a captcha correctly but failing to invalidate or remove it after its first use. This allows an attacker to reuse a single valid captcha token indefinitely, bypassing anti-automation brute-force protections and enabling automated password guessing attacks without being blocked by captcha verification. [1, 3]
How can this vulnerability impact me?
This vulnerability can allow an attacker to bypass authentication controls by replaying a valid captcha token multiple times, enabling automated brute-force or dictionary attacks on user passwords. This compromises the confidentiality, integrity, and availability of the affected system by allowing unauthorized access remotely without authentication. Exploitation is difficult but possible, and a public proof-of-concept exploit exists. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for repeated use of the same captcha token in authentication attempts, which indicates a captcha replay attack. Network sniffing tools can be used to capture authentication traffic and identify replayed captcha tokens. Since the attack involves replaying the same valid captcha token multiple times, commands that capture and analyze HTTP requests to the ajaxLogin endpoint can help detect it: for example, use tcpdump or Wireshark to capture traffic on the relevant port, then filter for repeated identical captcha values in POST requests to ajaxLogin. Web server logs can also be analyzed for multiple login attempts carrying the same captcha token. Example commands:
1) tcpdump -i eth0 -A -s 0 'tcp port 80 or tcp port 443' | grep ajaxLogin
2) tshark -Y 'http.request.uri contains "ajaxLogin"' -T fields -e http.file_data
3) grep 'captcha_token_value' /var/log/nginx/access.log (replace captcha_token_value with the observed token)
These methods help identify whether the same captcha token is being reused, indicating exploitation of the vulnerability. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected product with an alternative solution, as no known mitigations or patches have been provided by the vendor. Additionally, implementing server-side invalidation or removal of captcha tokens immediately after their first successful use can prevent replay attacks. If modifying the application is possible, update the ajaxLogin method to invalidate the captcha stored in the session after validation. In the short term, monitoring and blocking repeated login attempts with the same captcha token can reduce risk. Network-level protections such as rate limiting, IP blocking, and enhanced logging should also be applied to detect and prevent brute-force attempts exploiting this vulnerability. [2, 3]
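The single-use invalidation described above, shown as an added example that is not novel-plus code (the project is Java; this is a Python model of the same session logic). The session class, the "captcha" attribute name, the 300-second lifetime and the captcha values are assumptions; the replay-prone variant leaves the captcha in the session after comparing it, the fixed variant removes it before comparing so that both a wrong guess and a successful use consume it.

```python
import hmac
from dataclasses import dataclass, field

CAPTCHA_TTL = 300.0  # seconds a stored captcha stays valid (assumed policy, not from the page)

@dataclass
class Session:
    """Constructed stand-in for a server-side session (HttpSession in a Java app)."""
    attrs: dict = field(default_factory=dict)

def issue_captcha(session, code, now):
    """Store the freshly generated captcha code with its issue time (hypothetical attribute name)."""
    session.attrs["captcha"] = (code.lower(), now)

def login_vulnerable(session, submitted, now):
    """Replay-prone pattern: the captcha is compared but left in the session,
    so the same value keeps passing on every later login attempt."""
    stored = session.attrs.get("captcha")
    if stored is None:
        return "captcha_missing"
    code, _issued = stored
    if code != submitted.lower():
        return "captcha_wrong"
    return "captcha_ok"  # password check would follow; the captcha is still in the session

def login_fixed(session, submitted, now):
    """Single-use pattern: the captcha is removed from the session before it is
    compared, so a wrong guess and a successful use both consume it."""
    stored = session.attrs.pop("captcha", None)
    if stored is None:
        return "captcha_missing"
    code, issued = stored
    if now - issued > CAPTCHA_TTL:
        return "captcha_expired"
    if not hmac.compare_digest(code, submitted.lower()):
        return "captcha_wrong"
    return "captcha_ok"

def replay_outcomes(login, attempts, now=1000.0):
    """Issue one captcha and submit the same value `attempts` times with the given validator."""
    session = Session()
    issue_captcha(session, "k7pq", now)  # constructed captcha value
    return [login(session, "K7PQ", now) for _ in range(attempts)]

def stale_outcome(age):
    """Submit the correct captcha `age` seconds after it was issued, against the fixed validator."""
    session = Session()
    issue_captcha(session, "abcd", 0.0)
    return login_fixed(session, "abcd", age)
```

Running `replay_outcomes(login_vulnerable, 3)` accepts all three submissions, while `replay_outcomes(login_fixed, 3)` accepts only the first and reports the captcha missing for the replays.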