CVE-2025-9273
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-04
Assigner: Zero Day Initiative
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cdata | api_server | 3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in CData API Server involves a misconfiguration in how it handles MySQL connections. Specifically, the server enables an option that allows the MySQL server to request local files from the MySQL client. An authenticated remote attacker can exploit this to disclose sensitive information with the privileges of the NETWORK SERVICE account. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can lead to unauthorized disclosure of sensitive information from the affected system. Although it requires authentication and only impacts confidentiality (not integrity or availability), the attacker gains access to information with NETWORK SERVICE privileges, which could be leveraged for further attacks or data exposure. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary recommended mitigation is to restrict access to, and interaction with, the affected product to prevent exploitation of the vulnerability. [1]