CVE-2025-12055
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MPDV Mikrolab GmbH | MIP 2 | <Maintenance Pack 36 with Servicepack 8, release week 36/2025 | affected |
| MPDV Mikrolab GmbH | FEDRA 2 | <Maintenance Pack 36 with Servicepack 8, release week 36/2025 | affected |
| MPDV Mikrolab GmbH | HYDRA X | <Maintenance Pack 36 with Servicepack 8, release week 36/2025 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.