CVE-2025-15141

Low CVSS: 2.3

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Halo

Product

Halo

CWE

CWE-200

Yayın Tarihi

2025-12-28 15:15:41

Güncelleme

2026-02-24 07:16:58

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-200 Halo LOW Halo 2025

Referanslar

https://github.com/SECWG/cve/issues/9 https://vuldb.com/?ctiid.338519 https://vuldb.com/?id.338519 https://vuldb.com/?submit.715235

Benzer Kayıtlar

High

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the…

Medium

CVE-2025-44593

Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. S…

Medium

CVE-2025-44595

Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}.

Critical

CVE-2025-44594

halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/a…

Medium

CVE-2024-56156

Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypa…