9.8
CVE-2025-63958
- EPSS 0.45%
- Published 24.11.2025 00:00:00
- Last modified 30.12.2025 17:53:54
- Source cve@mitre.org
MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.
Data provided by the National Vulnerability Database (NVD)
Millensys ≫ Vision Tools Workspace Version 5.10.5.2429
Millensys ≫ Vision Tools Workspace Version 6.5.0.2585
Millensys ≫ Vision Tools Workspace Version 6.5.0.2596
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.633 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.