CVE-2025-13200: Exposure of Information Through Directory Listing in SourceCodester Farm Management System
A vulnerability was identified in SourceCodester Farm Management System 1.0. It affects an unknown functionality. The manipulation causes exposure of information through directory listing. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.
AI Analysis
Technical Summary
CVE-2025-13200 identifies a vulnerability in SourceCodester Farm Management System version 1.0 where directory listing is enabled or improperly configured, allowing remote attackers to enumerate files and directories on the web server hosting the application. This exposure can reveal sensitive files such as configuration files, source code, backup files, or other data that should remain confidential. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network, making it accessible to any attacker scanning for vulnerable instances. The CVSS 4.0 base score of 6.9 reflects a medium severity, primarily due to the confidentiality impact from information disclosure, with no impact on integrity or availability. The vulnerability does not require privileges or user interaction, increasing its exploitability. Although no known exploits are currently active in the wild, the public disclosure of the vulnerability increases the risk of exploitation by opportunistic attackers. The lack of vendor patches at the time of disclosure means organizations must rely on configuration changes such as disabling directory listing in the web server or restricting access to sensitive directories. This vulnerability is particularly relevant to organizations in the agricultural sector using this specific farm management software, as exposed information could facilitate further targeted attacks or data breaches.
Potential Impact
For European organizations, especially those in the agricultural sector using SourceCodester Farm Management System 1.0, this vulnerability poses a risk of unauthorized information disclosure. Exposure of directory listings can reveal sensitive operational data, configuration details, or source code, which attackers can leverage to identify further vulnerabilities or gain unauthorized access. This can lead to compromised confidentiality of business-critical information, potential intellectual property theft, and increased risk of subsequent attacks such as privilege escalation or ransomware. While the vulnerability does not directly affect system integrity or availability, the information gained can facilitate more damaging attacks. Given the importance of agriculture in many European economies and the increasing digitization of farm management, exploitation could disrupt supply chains or damage organizational reputation. The medium severity rating suggests a moderate but non-negligible risk that should be addressed promptly to prevent exploitation.
Mitigation Recommendations
1. Immediately disable directory listing on the web server hosting the SourceCodester Farm Management System by configuring the server settings (e.g., disabling 'Options Indexes' in Apache or 'directoryBrowse' in IIS).
2. Restrict access to sensitive directories and files using access control mechanisms such as .htaccess files or web server access rules.
3. Monitor web server logs for unusual directory access attempts to detect potential reconnaissance activity.
4. Apply any vendor-provided patches or updates as soon as they become available.
5. Conduct a security audit of the farm management system deployment to identify and remediate other potential misconfigurations.
6. Implement network segmentation to isolate the farm management system from critical internal networks to limit lateral movement if compromised.
7. Educate system administrators about secure web server configurations and the risks of directory listing exposure.
8. Consider deploying web application firewalls (WAF) to detect and block suspicious requests targeting directory enumeration.
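One way to implement the log monitoring in recommendation 3, added here as an example and not taken from the advisory or the vendor's software. It assumes Apache common/combined access-log format; the sample log lines, the `/app/...` paths and the three-directory threshold are constructed for illustration, and the `?C=...;O=...` pattern is the query string that Apache mod_autoindex column-sort links generate.

```python
import re
from collections import defaultdict

# Prefix of an Apache common/combined log line: client, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Sort links on a mod_autoindex page look like ?C=N;O=D (column; order).
AUTOINDEX_SORT = re.compile(r"C=[NMSD][;&]O=[AD]")

def flag_clients(lines, min_dirs=3):
    """Return {client: [reasons]} for clients that appear to browse listings."""
    dirs, sorted_view = defaultdict(set), set()
    for line in lines:
        m = LOG_RE.match(line)
        # Once listing is disabled, a directory without an index file answers
        # 403, so only 200 responses indicate content was actually served.
        if not m or m["status"] != "200":
            continue
        path, _, query = m["path"].partition("?")
        if not path.endswith("/"):
            continue
        if AUTOINDEX_SORT.fullmatch(query):
            sorted_view.add(m["client"])
        if path != "/":
            dirs[m["client"]].add(path)
    findings = {}
    for client in sorted(set(dirs) | sorted_view):
        reasons = []
        if client in sorted_view:
            reasons.append("autoindex-sort-query")
        if len(dirs[client]) >= min_dirs:  # threshold is an assumption
            reasons.append("many-directories")
        if reasons:
            findings[client] = reasons
    return findings

# Constructed sample input (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Nov/2025:10:00:01 +0000] "GET /app/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Nov/2025:10:02:11 +0000] "GET /app/uploads/ HTTP/1.1" 200 1843 "-" "curl/8.5.0"',
    '198.51.100.7 - - [15/Nov/2025:10:02:12 +0000] "GET /app/includes/ HTTP/1.1" 200 2210 "-" "curl/8.5.0"',
    '198.51.100.7 - - [15/Nov/2025:10:02:13 +0000] "GET /app/backup/ HTTP/1.1" 200 977 "-" "curl/8.5.0"',
    '198.51.100.7 - - [15/Nov/2025:10:02:14 +0000] "GET /app/config/ HTTP/1.1" 403 199 "-" "curl/8.5.0"',
    '203.0.113.5 - - [15/Nov/2025:10:05:40 +0000] "GET /app/uploads/?C=M;O=D HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, reasons in flag_clients(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

A sort-query hit after directory listing has supposedly been disabled is also a useful regression signal: it means some directory is still serving an autoindex page.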
Affected Countries
Germany, France, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-14T16:18:58.263Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6918a1f63494992e767dd3d0
Added to database: 11/15/2025, 3:53:26 PM
Last enriched: 11/15/2025, 4:00:16 PM
Last updated: 11/16/2025, 4:10:51 AM