CVE-2025-70040
Analyzed - Analysis Complete
Sensitive Data Exposure via Logging in LupinLin1 jimeng-web-mcp v

Publication date: 2026-03-09

Last updated on: 2026-05-21

Assigner: MITRE

Description
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.
Meta Information
Published: 2026-03-09
Last Modified: 2026-05-21
Generated: 2026-06-16
AI Q&A: 2026-03-09
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: lupinlin1
Product: jimeng_web_mcp_server
Version / Range: 2.1.2
CWE-532: The product writes sensitive information to a log file.
Executive Summary

CVE-2025-70040 is a vulnerability in the jimeng-web-mcp version 2.1.2 software, classified as CWE-532: Insertion of Sensitive Information into Log File.

This vulnerability occurs because the software improperly handles sensitive data by writing it into log files.

As a result, sensitive or confidential information can be exposed if these log files are accessed by unauthorized parties or are not properly secured.

Impact Analysis

The vulnerability can lead to unauthorized exposure of sensitive information contained in the log files.

If an attacker gains access to these log files, they may obtain confidential data that was not intended to be publicly accessible.

This exposure can result in data breaches, loss of privacy, and potential misuse of the sensitive information.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the insertion of sensitive information into log files by jimeng-web-mcp version 2.1.2. To detect it, you should inspect the log files generated by the application for any sensitive data exposure.

You can use commands to search for sensitive information patterns in the log files. For example, using grep on Linux systems:

  • grep -iE 'password|secret|token|apikey|credential' /path/to/jimeng-web-mcp/logs/*
  • tail -f /path/to/jimeng-web-mcp/logs/* | grep -iE 'password|secret|token|apikey|credential'

These commands help identify if sensitive keywords appear in the logs, indicating the vulnerability's presence. [1]

Mitigation Strategies

To mitigate this vulnerability, you should immediately restrict access to the log files to prevent unauthorized users from viewing sensitive information.

Additionally, consider the following steps:

  • Review and sanitize log file contents to remove sensitive data.
  • Apply any available patches or updates from the jimeng-web-mcp project that address this issue.
  • If no patch is available, consider disabling or modifying logging configurations to avoid logging sensitive information.
  • Monitor logs regularly for any sensitive data exposure.
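
The detection and mitigation steps above, combined into one audit script as an added example (not code from the jimeng-web-mcp project). It assumes GNU grep and sed; the key=value and JSON line formats in the constructed sample log are assumptions, since the page does not show the application's real log layout.

```shell
#!/bin/sh
# Added example (not project code): audit a log directory for CWE-532 leaks.
# Assumes GNU grep/sed; the keyword list is the one from the guidance above.
PATTERN='password|secret|token|apikey|credential'

# Report "file:line:keyword" per hit. -o prints only the keyword, never the
# value next to it, so the audit report is not a second copy of the secret.
scan_logs() {
  grep -rHinoE "$PATTERN" "$1" 2>/dev/null | sort -u
}

# List log files that any local user can read (the "other" read bit is set).
world_readable() {
  find "$1" -type f -perm -004 -print
}

# Filter: mask the value in keyword=value, keyword: value or "keyword":"value".
# These line formats are assumptions; the real log layout is not on the page.
redact() {
  sed -E "s/(($PATTERN)[\"']?[[:space:]]*[:=][[:space:]]*[\"']?)[^[:space:]\"',&]+/\1[REDACTED]/Ig"
}

# Constructed sample log so the example runs offline; prints the temp dir path.
make_sample() {
  d=$(mktemp -d) || return 1
  cat > "$d/app.log" <<'EOF'
2026-01-01T10:00:00Z INFO request started id=1
2026-01-01T10:00:01Z DEBUG auth token=abc123 user=demo
2026-01-01T10:00:02Z DEBUG body {"apiKey":"k-42","n":1}
EOF
  chmod 644 "$d/app.log"
  printf '%s\n' "$d"
}

dir=$(make_sample)
echo "== keyword hits ==";        scan_logs "$dir"
echo "== world-readable logs =="; world_readable "$dir"
echo "== redacted copy ==";       redact < "$dir/app.log"
chmod 600 "$dir/app.log"          # restrict access, as the mitigation advises
rm -rf "$dir"
```

A redacted line still contains the keyword, so scan_logs keeps reporting it; a hit whose value reads [REDACTED] has already been cleaned.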