CVE-2025-15151 MEDIUM

CVE-2025-15151: TaleLin Lin-CMS Tests Folder config.py password in configuration file

Vendor Talelin
Product Lin-CMS
Weakness CWE-260
Published December 28, 2025
Last update December 29, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

December 28, 2025 CVE published
December 29, 2025 Record updated