CVE-2025-2339
Published: 16 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-2339 is a vulnerability classified as problematic in otale Tale Blog version 2.0.5, affecting an unidentified component behind the endpoint /%61dmin/api/logs (%61 is the percent-encoded letter "a", so the path decodes to /admin/api/logs). The issue stems from improper authentication (CWE-287), with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). It was published on 2025-03-16.
The vulnerability enables remote exploitation by unauthenticated attackers requiring low attack complexity and no user interaction. Successful manipulation allows attackers to bypass authentication, resulting in low-impact confidentiality disclosure with no effect on integrity or availability.
Advisories from VulDB (ctiid.299805, id.299805, submit.511578) and a GitHub repository detail the public disclosure of an exploit. The vendor was contacted early regarding the issue but provided no response, and the vulnerability impacts only products no longer supported by the maintainer. No patches or specific mitigations are referenced.
Details
- CWE(s): CWE-287 (Improper Authentication)
- Affected Products: otale Tale Blog 2.0.5
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in otale Tale Blog 2.0.5 enables remote attackers to bypass authentication and access the admin API logs endpoint (/admin/api/logs) without credentials, directly facilitating exploitation of a public-facing web application.
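The encoded path in the advisory (/%61dmin/api/logs) versus the plain /admin/api/logs named above points to the classic mismatch between an authentication check that inspects the raw request path and a router that decodes it. The example below is added here and is not code from the advisory or from the Tale Blog project; it assumes that mechanism and shows a canonicalizing check beside the naive prefix check, then runs both over constructed log lines to flag requests that only reached an admin path because of encoding.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic): client, request line, status.
SAMPLE_LOG = """\
203.0.113.5 "GET /admin/api/logs HTTP/1.1" 401
203.0.113.5 "GET /%61dmin/api/logs HTTP/1.1" 200
198.51.100.7 "GET /index HTTP/1.1" 200
198.51.100.7 "GET /%2561dmin/api/logs HTTP/1.1" 200
"""

PROTECTED_PREFIX = "/admin/"  # assumed protected path prefix
LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')

def canonical_path(raw_path: str) -> str:
    """Drop the query string, percent-decode until stable (bounded, so
    double encoding such as %2561 is unwrapped), and collapse repeated slashes."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return re.sub(r"/+", "/", path)

def is_protected_naive(raw_path: str) -> bool:
    """Weak check: literal prefix match on the undecoded path (misses /%61dmin/...)."""
    return raw_path.startswith(PROTECTED_PREFIX)

def is_protected(raw_path: str) -> bool:
    """Hardened check: compare the canonical path, so encoding does not change the answer."""
    return canonical_path(raw_path).startswith(PROTECTED_PREFIX)

def find_encoded_admin_hits(log_text: str) -> list[dict]:
    """Requests that the canonical check classifies as protected, the naive check
    does not, and that were answered 2xx: candidate authentication bypasses."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, raw_path, status = m.groups()
        if is_protected(raw_path) and not is_protected_naive(raw_path) and status.startswith("2"):
            hits.append({"client": client, "raw": raw_path,
                         "canonical": canonical_path(raw_path), "status": status})
    return hits

if __name__ == "__main__":
    for hit in find_encoded_admin_hits(SAMPLE_LOG):
        print(hit)
```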