CVE-2025-15106
Improper Authorization in getmaxun Authentication Endpoint (router.get
Publication date: 2025-12-27
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| getmaxun | maxun | 0.0.28 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The weakness is in the router.get handler of the Authentication Endpoint in getmaxun maxun up to version 0.0.28. The handler authenticates the caller but then looks up the user record by the ID supplied in the request path rather than by the identity carried in the caller's token, so any authenticated user can read other users' records simply by changing the ID (CWE-285, an insecure direct object reference). The attack works remotely with an ordinary API request; no special privileges beyond a valid account are needed.
How can this vulnerability impact me?
An attacker holding any valid token can read other users' protected records through this endpoint; the references list email addresses and private API keys among the exposed fields. A leaked API key can then be used to act as that user, so the impact goes beyond information disclosure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized access to sensitive user information, including email addresses and private API keys, by bypassing proper authorization controls. This improper authorization and exposure of personal data can lead to violations of data protection regulations such as GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information. Therefore, exploitation of this vulnerability could result in non-compliance with these standards due to unauthorized disclosure and potential misuse of protected data. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation shows up as one authentication token being used to request /auth/user/:id for user IDs other than the token owner's. Log the endpoint, the requested ID, the response status and a fingerprint of the token (never the raw bearer value), and alert when one fingerprint touches more than one ID, or when the requested ID differs from the token's subject. To test whether an instance is affected, send a request with a valid token, for example curl -H "Authorization: Bearer <valid_token>" https://<target>/auth/user/2688, then repeat it with a different user ID; a 200 response carrying another user's data confirms the issue, while a 403 means the check is in place. [3]
What immediate steps should I take to mitigate this vulnerability?
Upgrade to maxun 0.0.29, which the references report as the fixed version; no official vendor response is available. Until the upgrade is in place, restrict access to the /auth/user/:id endpoint at the proxy or gateway, and block or alert on tokens that request IDs other than their own. The fix itself is to derive the user ID from the verified token payload and to ignore, or reject on mismatch, the ID in the request path, so the endpoint only ever returns the caller's own record. [2, 3]