Home

Description

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler. Performing manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PUBLISHED Reserved 2025-11-30 | Published 2025-12-01 | Updated 2025-12-01 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4.0AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Problem types

Information Disclosure

Improper Access Controls

Product status

2.6.0-SNAPSHOT
affected

Timeline

2025-11-30:Advisory disclosed
2025-11-30:VulDB entry created
2025-11-30:VulDB entry last update

Credits

sh7err03 (VulDB User) reporter

References

vuldb.com/?id.333814 (VDB-333814 | nutzam NutzBoot Ethereum Wallet EthModule.java information disclosure) vdb-entry

vuldb.com/?ctiid.333814 (VDB-333814 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.692050 (Submit #692050 | NutzBoot project NutzBoot NutzBoot 2.6.0-SNAPSHOT Information Disclosure (Wallet password leakage)) third-party-advisory

github.com/...ob/main/archives/nutzboot-InfoLeak-1/report.md related

github.com/...ob/main/archives/nutzboot-InfoLeak-1/report.md exploit

cve.org (CVE-2025-13804)

nvd.nist.gov (CVE-2025-13804)

Download JSON