High severity7.3NVD Advisory· Published Dec 1, 2025· Updated Apr 29, 2026

CVE-2025-13806

Description

A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.nutz:nutzboot-parentMaven	<= 2.6.0-SNAPSHOT	—

Affected products

Nutzam/Nutzboot
cpe:2.3:a:nutzam:nutzboot:*:*:*:*:*:maven:*:*
Range: <=2.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-53v5-9752-qq92ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-13806ghsaADVISORY
vuldb.comnvdThird Party AdvisoryVDB EntryWEB
vuldb.comnvdThird Party AdvisoryVDB EntryWEB
github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.mdnvdBroken LinkWEB
github.com/Xzzz111/exps/blob/main/archives/nutzboot-UnauthorizedTransfer-1/report.mdnvdBroken LinkWEB
vuldb.comnvdPermissions RequiredVDB EntryWEB

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000