CVE-2025-12055

Summary

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.

Affected Software

VendorProductVersion RangeStatus
MPDV Mikrolab GmbHMIP 2<Maintenance Pack 36 with Servicepack 8, release week 36/2025affected
MPDV Mikrolab GmbHFEDRA 2<Maintenance Pack 36 with Servicepack 8, release week 36/2025affected
MPDV Mikrolab GmbHHYDRA X<Maintenance Pack 36 with Servicepack 8, release week 36/2025affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References