{"id":1961,"date":"2025-04-28T07:33:31","date_gmt":"2025-04-28T07:33:31","guid":{"rendered":"http:\/\/localhost\/?p=1961"},"modified":"2025-04-28T07:33:31","modified_gmt":"2025-04-28T07:33:31","slug":"cve-2025-4019-20120630-novel-plus-generatorcontrollerjava-gencode-missing-authentication","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=1961","title":{"rendered":"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication"},"content":{"rendered":"<div class=\"vulnerability-details\">\n<h2>Vulnerability Details<\/h2>\n<div class=\"info-section\">\n<h3>Basic Information<\/h3>\n<table class=\"info-table\">\n<tr>\n<th>Title<\/th>\n<td>CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication<\/td>\n<\/tr>\n<tr>\n<th>Type<\/th>\n<td>cvelist<\/td>\n<\/tr>\n<tr>\n<th>Published<\/th>\n<td>2025-04-28T12:00:08<\/td>\n<\/tr>\n<tr>\n<th>Last Seen<\/th>\n<td>2025-04-28T12:14:22<\/td>\n<\/tr>\n<tr>\n<th>CVSS Score<\/th>\n<td style=\"color: #ff6600; font-weight: bold;\">7.3 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cvss-section\">\n<h3>CVSS v3 Details<\/h3>\n<table class=\"cvss-table\">\n<tr>\n<th>Attack Vector<\/th>\n<td>NETWORK<\/td>\n<\/tr>\n<tr>\n<th>Attack Complexity<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Privileges Required<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>User Interaction<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>Scope<\/th>\n<td>UNCHANGED<\/td>\n<\/tr>\n<tr>\n<th>Confidentiality Impact<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Integrity Impact<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Availability Impact<\/th>\n<td>LOW<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cve-section\">\n<h3>CVE Information<\/h3>\n<table class=\"cve-table\">\n<tr>\n<th>CVE IDs<\/th>\n<td>CVE-2025-4019<\/td>\n<\/tr>\n<tr>\n<th>CWE<\/th>\n<td>CWE-287, CWE-306<\/td>\n<\/tr>\n<tr>\n<th>Bulletin Family<\/th>\n<td>cve<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"description-section\">\n<h3>Description<\/h3>\n<div class=\"description-content\">\n            A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin\/src\/main\/java\/com\/java2nb\/common\/controller\/GeneratorController.java. The manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n        <\/div>\n<\/p><\/div>\n<div class=\"impact-section\">\n<h3>Impact Assessment<\/h3>\n<table class=\"impact-table\">\n<tr>\n<th>Base Score<\/th>\n<td>7.3<\/td>\n<\/tr>\n<tr>\n<th>Severity<\/th>\n<td style=\"color: #ff6600;\">HIGH<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"source-link\">\n<p><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-4019\" target=\"_blank\">View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n<style>\n.vulnerability-details {\n    font-family: Arial, sans-serif;\n    max-width: 1200px;\n    margin: 0 auto;\n    padding: 20px;\n}<\/p>\n<p>.info-section, .cvss-section, .cve-section, .description-section, .impact-section {\n    margin-bottom: 30px;\n    background: #f8f9fa;\n    padding: 20px;\n    border-radius: 8px;\n    box-shadow: 0 2px 4px rgba(0,0,0,0.1);\n}<\/p>\n<p>h2 {\n    color: #2c3e50;\n    border-bottom: 2px solid #3498db;\n    padding-bottom: 10px;\n    margin-bottom: 20px;\n}<\/p>\n<p>h3 {\n    color: #34495e;\n    margin-bottom: 15px;\n}<\/p>\n<p>.info-table, .cvss-table, .cve-table, .impact-table {\n    width: 100%;\n    border-collapse: collapse;\n    margin-bottom: 20px;\n}<\/p>\n<p>.info-table th, .cvss-table th, .cve-table th, .impact-table th {\n    background: #e9ecef;\n    padding: 12px;\n    text-align: left;\n    width: 200px;\n}<\/p>\n<p>.info-table td, .cvss-table td, .cve-table td, .impact-table td {\n    padding: 12px;\n    border-bottom: 1px solid #dee2e6;\n}<\/p>\n<p>.description-content {\n    line-height: 1.6;\n    color: #2c3e50;\n}<\/p>\n<p>.source-link {\n    text-align: center;\n    margin-top: 30px;\n}<\/p>\n<p>.source-link a {\n    display: inline-block;\n    padding: 10px 20px;\n    background: #3498db;\n    color: white;\n    text-decoration: none;\n    border-radius: 5px;\n    transition: background 0.3s;\n}<\/p>\n<p>.source-link a:hover {\n    background: #2980b9;\n}\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Details Basic Information Title CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication Type cvelist Published 2025-04-28T12:00:08 Last Seen 2025-04-28T12:14:22 CVSS Score 7.3 (HIGH) CVSS v3&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,24,8,48,12,21,13,7,11,5],"class_list":["post-1961","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvelist","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=1961\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Vulnerability Details Basic Information Title CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication Type cvelist Published 2025-04-28T12:00:08 Last Seen 2025-04-28T12:14:22 CVSS Score 7.3 (HIGH) CVSS v3...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=1961\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-28T07:33:31+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1961#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1961\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication\",\"datePublished\":\"2025-04-28T07:33:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1961\"},\"wordCount\":167,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"cvelist\",\"CVSS\",\"CVSS-6.9\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1961#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1961\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1961\",\"name\":\"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-04-28T07:33:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1961#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1961\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1961#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=1961","og_locale":"en_US","og_type":"article","og_title":"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication - zero redgem","og_description":"Vulnerability Details Basic Information Title CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication Type cvelist Published 2025-04-28T12:00:08 Last Seen 2025-04-28T12:14:22 CVSS Score 7.3 (HIGH) CVSS v3...","og_url":"https:\/\/zero.redgem.net\/?p=1961","og_site_name":"zero redgem","article_published_time":"2025-04-28T07:33:31+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=1961#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=1961"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication","datePublished":"2025-04-28T07:33:31+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=1961"},"wordCount":167,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","cvelist","CVSS","CVSS-6.9","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=1961#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=1961","url":"https:\/\/zero.redgem.net\/?p=1961","name":"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-04-28T07:33:31+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=1961#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=1961"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=1961#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1961"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1961\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}