CVE-2025-5906

EUVD-2025-17615 · MEDIUM
Improper Authentication (CWE-287)
2025-06-10 cna@vuldb.com
5.5
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector · NVD

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline (6 events)

Severity Changed · Apr 29, 2026 - 01:11 · NVD · HIGH → MEDIUM
CVSS changed · Apr 29, 2026 - 01:11 · NVD · 7.3 (HIGH) → 5.5 (MEDIUM)
EUVD ID Assigned · Mar 14, 2026 - 19:49 · euvd · EUVD-2025-17615
Analysis Generated · Mar 14, 2026 - 19:49 · vuln.today
PoC Detected · Jun 13, 2025 - 19:51 · vuln.today · Public exploit code
CVE Published · Jun 10, 2025 - 01:15 · nvd · HIGH 7.3

Description · CVE.org

A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis · AI

Critical authentication bypass vulnerability in code-projects Laundry System 1.0 affecting the /data/ endpoint, allowing unauthenticated remote attackers to read and modify data and potentially disrupt system availability. The vulnerability has been publicly disclosed with exploit code available. The CVSS score of 7.3 assigned at publication indicates moderate-to-high severity, and the network-based attack vector (AV:N), lack of privilege requirement (PR:N), and absence of user interaction (UI:N) make this immediately exploitable in production environments. Active exploitation is likely given public PoC availability and the ease of attack execution.

Technical Context · AI

The vulnerability stems from a broken authentication mechanism (CWE-287: Improper Authentication) within the Laundry System application, specifically in the /data/ file handler. CWE-287 indicates the application fails to properly verify user identity before granting access to sensitive data endpoints. The affected product is code-projects Laundry System version 1.0 (CPE would be: cpe:2.3:a:code-projects:laundry_system:1.0:*:*:*:*:*:*:*). The vulnerability likely involves missing or inadequately enforced authentication checks at the HTTP API layer, potentially allowing direct file access or data manipulation without credentials. The 'unknown part' designation suggests either obfuscated code or widespread auth bypass affecting multiple data handling functions.
