Novel-Plus Java app missing auth in addCrawlSource (CVE-2025-4018)
CVE-2025-4018 Published on April 28, 2025
20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2025-4018 has been classified to as an authentification vulnerability or weakness.
Affected Versions
20120630 Novel-Plus Version 0e156c04b4b7ce0563bef6c97af4476fcda8f160 is affected by CVE-2025-4018Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.