CVE-2025-47872
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-08
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because the product registration endpoint server responds differently based on whether a serial number (S/N) is valid and unregistered, valid but already registered, or does not exist in the database. Since serial numbers are assigned sequentially, an attacker can use these differing responses to determine the registration status of various serial numbers, potentially gaining unauthorized information about product registrations.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to enumerate and gain information about the registration status of products by exploiting the different server responses for serial numbers. This could lead to privacy concerns, unauthorized knowledge about product usage, or targeted attacks based on registration data.