CVE-2025-51539
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-10-07
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ezged | ezged3 | From 3.5.0 (inclusive) to 3.5.72.27183 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in EzGED3 3.5.0 allows an unauthenticated remote attacker to read arbitrary files on the server by exploiting improper access control and insufficient input validation in a PHP script exposed via the web interface. The attacker can use directory traversal techniques to access sensitive files such as configuration files, database dumps, source code, and password reset tokens without needing to log in.
How can this vulnerability impact me?
The vulnerability can lead to exposure of sensitive information including configuration files, database contents, source code, and password reset tokens. If phpMyAdmin is exposed, attackers can extract credentials and gain direct administrative access. Even without such tools, attackers can extract full database contents by reading raw MySQL data files, potentially leading to data breaches and unauthorized system control.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade EzGED3 to version 3.5.72.27183 or later, as the vendor has fixed the issue in that release. Additionally, restrict access to the vulnerable PHP script by implementing authentication and input validation controls, and avoid exposing phpMyAdmin or other database management tools publicly to reduce risk.
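As an added illustration of the two controls recommended above (an authentication check plus input validation on the requested path), the following PHP handler is example code written for this page, not EzGED3's own script; the document root, the query parameter name and the session flag are hypothetical.

```php
<?php
// Added example (hypothetical, not EzGED3 code): a file-download handler that
// applies the two controls named above, an authentication check and input
// validation confining the requested path to one base directory.
declare(strict_types=1);

const DOCUMENT_ROOT = '/var/lib/example-app/documents'; // hypothetical

// Resolve a user-supplied relative path to a file under $base, or null if
// the input is malformed, escapes $base, or is not a regular file.
function resolveUnderBase(string $base, string $requested): ?string
{
    if (strpos($requested, "\0") !== false) {   // embedded NUL byte
        return null;
    }
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // realpath() collapses "." and ".." segments and resolves symlinks, so the
    // prefix check below runs on the canonical path, not the raw input.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Trailing separator so "/docs-private" is not accepted as under "/docs".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

session_start();
if (empty($_SESSION['user_id'])) {   // hypothetical flag set by the login flow
    http_response_code(401);
    exit('Authentication required');
}

$requested = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolveUnderBase(DOCUMENT_ROOT, $requested);
if ($path === null) {
    // Log the rejection for detection; do not echo the raw input back.
    error_log('rejected file request from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```

The rejection log line gives a simple signal to alert on while the upgrade to 3.5.72.27183 is rolled out.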