CVE-2025-56447
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rt_systems | tm2_monitoring | 3.04 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-56447 is a vulnerability in TM2 Monitoring v3.04 that allows an attacker to bypass authentication and obtain plaintext administrative credentials. This happens because the system relies only on client-side JavaScript for authentication, which can be bypassed by sending an unauthenticated HTTP GET request to the /security.php endpoint. The server then returns sensitive information including admin and guest passwords in clear text within the HTML response, allowing unauthorized access to administrative features. [4]
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows attackers to bypass authentication and gain unauthorized access to administrative functions of TM2 Monitoring. Additionally, attackers can obtain plaintext credentials, compromising the confidentiality of sensitive passwords. This can lead to full control over the system's protected features, potentially resulting in data breaches, system manipulation, or further exploitation. [4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending an unauthenticated HTTP GET request to the endpoint /security.php on the TM2 Monitoring v3.04 system and checking if the response contains plaintext administrative credentials in the HTML form inputs. For example, you can use the following command with curl to test for the vulnerability: curl -s http://<target-ip-or-host>/security.php | grep -E 'pw_admin|pw_guest' If the output shows input fields with plaintext passwords, the system is vulnerable. [4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /security.php endpoint to trusted users only, such as by implementing network-level access controls or firewall rules. Additionally, avoid exposing TM2 Monitoring v3.04 instances directly to untrusted networks until a vendor patch or update is available. Monitoring and alerting on unexpected access to /security.php can also help detect exploitation attempts. [4]