CVE-2025-48045

Summary

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.

Affected Software

VendorProductVersion RangeStatus
MICI Network Co. Ltd.NetFax Server0 < 3.0.1.0affected

Weaknesses

  • CWE-201: CWE-201 Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References