CVE-2025-4364

The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11

Configurations

No configuration.

History

20 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-20 18:15

Updated : 2025-05-21 20:24

NVD link : CVE-2025-4364

Mitre link : CVE-2025-4364

CVE.ORG link : CVE-2025-4364

JSON object : View

Products Affected

No product.

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Show plain JSON

{"id": "CVE-2025-4364", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-20T18:15:47.807", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials."}], "lastModified": "2025-05-21T20:24:58.133", "sourceIdentifier": "ics-cert@hq.dhs.gov"}

{

id : CVE-2025-4364 (string)

cveTags : [ *empty* ]

metrics : { »

cvssMetricV40 : [ »

0 : { »

type : Secondary (string)

source : ics-cert@hq.dhs.gov (string)

cvssData : { »

Safety : NOT_DEFINED (string)

version : 4.0 (string)

Recovery : NOT_DEFINED (string)

baseScore : 8.7 (number)

Automatable : NOT_DEFINED (string)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

exploitMaturity : NOT_DEFINED (string)

providerUrgency : NOT_DEFINED (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

privilegesRequired : NONE (string)

subIntegrityImpact : NONE (string)

vulnIntegrityImpact : NONE (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

vulnAvailabilityImpact : NONE (string)

availabilityRequirement : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

subConfidentialityImpact : NONE (string)

vulnConfidentialityImpact : HIGH (string)

confidentialityRequirement : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

}

]

}

published : 2025-05-20T18:15:47.807 (string)

references : [ »

0 : { »

url : https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11 (string)

source : ics-cert@hq.dhs.gov (string)

}

]

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

type : Primary (string)

source : ics-cert@hq.dhs.gov (string)

description : [ »

0 : { »

lang : en (string)

value : CWE-497 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. (string)

}

]

lastModified : 2025-05-21T20:24:58.133 (string)

sourceIdentifier : ics-cert@hq.dhs.gov (string)

}

CVE-2025-4364

JSON object

Attach tags to CVE-2025-4364

Attach tags to `CVE-2025-4364`