CVE-2025-34119
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-07-17
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| easycafe | server | 2.2.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote file disclosure flaw in EasyCafe Server 2.2.14. An unauthenticated attacker can connect to the server on TCP port 831 and use a specific opcode (0x43) in the server's custom protocol to request arbitrary files by specifying their absolute path. If the requested file exists and is accessible, the server returns its contents without requiring any authentication, allowing attackers to access sensitive files.
How can this vulnerability impact me?
This vulnerability can allow attackers to retrieve sensitive files such as system configuration files, password files, or application data without any authentication. This can lead to unauthorized disclosure of confidential information, potential system compromise, and further exploitation of the affected system.