Information Disclosure in NutzBoot <=2.6.0 via Ethereum Wallet Handler
CVE-2025-13804 Published on December 1, 2025
nutzam NutzBoot Ethereum Wallet EthModule.java information disclosure
A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 2 days later.
Weakness Types
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-13804 has been classified to as an Information Disclosure vulnerability or weakness.
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-13804 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-13804
Want to know whenever a new CVE is published for Nutzam Nutzboot? stack.watch will email you.
Affected Versions
nutzam NutzBoot Version 2.6.0-SNAPSHOT is affected by CVE-2025-13804Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.