CVE-2025-27452
BaseFortify
Publication date: 2025-07-03
Last updated on: 2026-02-06
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endress | meac300-fnade4_firmware | to 0.16.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-548 | The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Apache httpd webserver configuration for the MEAC300-FNADE4 web application. The webserver has unnecessary modules enabled that are not required for the application to function. Some of these modules allow directory listing, which can expose sensitive information about the server's file structure.
How can this vulnerability impact me? :
The vulnerability can lead to information disclosure by enabling directory listing on the webserver. This exposure can provide attackers with insights into the server's directory structure and files, potentially aiding further attacks or exploitation.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should disable or remove any Apache httpd modules that are not required for the operation of the MEAC300-FNADE4 web application, especially those that enable directory listing functionality.