CVE-2025-9273
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-04

Assigner: Zero Day Initiative

Description
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-04
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9273
EUVD
EUVD-2025-26439
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cdata api_server 3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in CData API Server involves a misconfiguration in how it handles MySQL connections. Specifically, the server enables an option that allows the MySQL server to request local files from the MySQL client. An authenticated remote attacker can exploit this to disclose sensitive information with the privileges of the NETWORK SERVICE account. [1]

Impact Analysis

If exploited, this vulnerability can lead to unauthorized disclosure of sensitive information from the affected system. Although it requires authentication and only impacts confidentiality (not integrity or availability), the attacker gains access to information with NETWORK SERVICE privileges, which could be leveraged for further attacks or data exposure. [1]

Mitigation Strategies

The primary mitigation recommended is to restrict access and interaction with the affected product to prevent exploitation of the vulnerability. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart