CVE-2025-12055

Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System

CVSS 7.5 HIGHEPSS 3.7%CWE-22

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

MPDV Mikrolab GmbH · FEDRA 2 MPDV Mikrolab GmbH · HYDRA X MPDV Mikrolab GmbH · MIP 2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://seclists.org/fulldisclosure/2025/Oct/28 https://r.sec-consult.com/mpdv