Auth Bypass via Capture-Replay in xxyopen/201206030 Novel-Plus <=5.1.3
CVE-2025-6533 Published on June 24, 2025
xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2025-6533 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2025-6533
Want to know whenever a new CVE is published for Xxyopen Novel Plus? stack.watch will email you.
Affected Versions
xxyopen novel-plus:- Version 5.1.0 is affected.
- Version 5.1.1 is affected.
- Version 5.1.2 is affected.
- Version 5.1.3 is affected.
- Version 5.1.0 is affected.
- Version 5.1.1 is affected.
- Version 5.1.2 is affected.
- Version 5.1.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.