CVE-2023-6757 is an information disclosure vulnerability identified in Thecosy IceCMS version 2.0.1. The vulnerability resides in an unspecified functionality within the API component located at the /adplanet/PlanetUser endpoint. This flaw allows an unauthenticated remote attacker to manipulate requests to this endpoint, resulting in unauthorized disclosure of sensitive information. The vulnerability is classified under CWE-200, which pertains to the exposure of information to an unauthorized actor. The CVSS v3.1 base score is 5.3, indicating a medium severity level. The attack vector is network-based (AV:N), requiring no privileges (PR:N) and no user interaction (UI:N), making exploitation feasible remotely without authentication. The impact is limited to confidentiality loss (C:L) without affecting integrity or availability. Although no public exploit is currently known to be actively used in the wild, the exploit details have been publicly disclosed, increasing the risk of exploitation attempts. No official patches or mitigations have been linked to this vulnerability as of the publication date, which necessitates proactive defensive measures by affected organizations.

For European organizations using Thecosy IceCMS 2.0.1, this vulnerability poses a risk of unauthorized exposure of potentially sensitive data accessible via the /adplanet/PlanetUser API endpoint. Information disclosure can lead to further targeted attacks such as social engineering, credential harvesting, or reconnaissance for more severe exploits. While the vulnerability does not directly impact system integrity or availability, the confidentiality breach could undermine trust, violate data protection regulations such as GDPR, and result in reputational damage. Organizations in sectors handling personal or sensitive data—such as government, healthcare, finance, and critical infrastructure—are particularly at risk. The remote and unauthenticated nature of the exploit increases the attack surface, especially for publicly accessible CMS installations. Given the lack of patches, European entities must prioritize detection and containment to prevent data leakage and comply with regulatory requirements.

Since no official patch is currently available, European organizations should implement the following specific mitigations: 1) Restrict access to the /adplanet/PlanetUser API endpoint using network-level controls such as IP whitelisting, VPN access, or firewall rules to limit exposure to trusted internal networks only. 2) Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting this endpoint, particularly those attempting to manipulate API parameters. 3) Conduct thorough logging and monitoring of API access to identify anomalous or unauthorized access patterns promptly. 4) If feasible, disable or remove the vulnerable API component until a patch is released. 5) Engage with Thecosy vendor support channels to obtain updates or patches and apply them immediately upon availability. 6) Perform regular security assessments and penetration tests focusing on API endpoints to identify and remediate similar vulnerabilities proactively. 7) Educate development and operations teams about secure API design and the risks of information disclosure to prevent recurrence.