CVE-2025-48046

Summary

An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.

Affected Software

VendorProductVersion RangeStatus
MICI Network Co. Ltd.NetFax Server0 < 3.0.1.0affected

Weaknesses

  • CWE-256: CWE-256: Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References