CVE-2025-15151
Remote Password Manipulation Vulnerability in TaleLin Lin-CMS Tests Folder
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| talelin | lin-cms | 0.6.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-255 | Credentials Management Errors |
| CWE-260 | The product stores a password in a configuration file that might be accessible to actors who do not know the password. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects TaleLin Lin-CMS up to version 0.6.0, specifically the file /tests/config.py in the Tests Folder component. Manipulating the username or password arguments results in a password being stored in, or exposed through, that configuration file. The attack can be launched remotely, but its complexity is rated high and exploitation is considered difficult. An exploit has been publicly disclosed and may be used by attackers.
How can this vulnerability impact me?
The vulnerability can expose passwords held in configuration files, potentially allowing unauthorized access. Because the attack can be carried out remotely, the risk of compromise is higher. However, the attack complexity is high and exploitation is difficult, which may limit the likelihood of a successful attack.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability exposes default administrator credentials stored in a configuration file, potentially leading to unauthorized access and leakage of sensitive information. This could negatively impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive data and proper access controls. However, no explicit mention of compliance impact is provided in the resources. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the /tests/config.py file is present in the deployed Lin-CMS installation, as it contains default administrator username and password credentials. You can search for this file with commands such as `find / -name config.py` or `grep -r "username" /path/to/lin-cms/tests/`. Additionally, monitoring for use of the default credentials or for unauthorized login attempts against the administrator account may help detect exploitation attempts. [1, 2]
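As an added defender-side check (not code from Lin-CMS or from this advisory), the script below locates any tests/config.py shipped in a deployment and uses Python's ast module to flag string literals assigned to credential-like names, the CWE-260 pattern described above. The embedded sample configuration is constructed for illustration and assumes nothing about the real file's contents.

```python
"""Flag Python config files that ship hard-coded credentials (CWE-260)."""
import ast
import os
import re

# Variable names that commonly hold credentials (case-insensitive substring match).
CREDENTIAL_NAME = re.compile(r"user|pass|pwd|secret|token", re.I)


def find_hardcoded_credentials(source, filename="<config>"):
    """Return (name, line, value) for every string literal assigned to a
    credential-like variable, at module level or inside a class body."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, (ast.Assign, ast.AnnAssign)):
            continue
        value = node.value
        # Only literal strings count; DEBUG = True or a lookup from os.environ is fine.
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        targets = node.targets if isinstance(node, ast.Assign) else [node.target]
        for target in targets:
            if isinstance(target, ast.Name) and CREDENTIAL_NAME.search(target.id):
                findings.append((target.id, node.lineno, value.value))
    return findings


def scan_tree(root):
    """Locate every tests/config.py under root (the file named in the advisory)
    and report the hard-coded credentials each one contains."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "tests" and "config.py" in files:
            path = os.path.join(dirpath, "config.py")
            with open(path, encoding="utf-8") as fh:
                report[path] = find_hardcoded_credentials(fh.read(), path)
    return report


# Constructed sample standing in for a test configuration left in production.
SAMPLE_CONFIG = '''
DEBUG = True
SQLALCHEMY_DATABASE_URI = "sqlite:///test.db"

class TestSettings:
    ADMIN_USERNAME = "admin"
    ADMIN_PASSWORD = "changeme"
'''

if __name__ == "__main__":
    for name, line, _secret in find_hardcoded_credentials(SAMPLE_CONFIG):
        print(f"line {line}: {name} is assigned a literal credential")
```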
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing the /tests/config.py file from the production environment to eliminate default credentials exposure. Since no known countermeasures or patches are available, it is recommended to replace the affected Lin-CMS component with an alternative product or upgrade to a version that does not include this vulnerability. Also, restrict access to configuration files and monitor for unauthorized access attempts. [2, 1]