
CVE-2025-2407: CWE-306 Missing Authentication for Critical Function in Mobatime AMX MTAPI

Critical
Tags: Vulnerability, CVE-2025-2407, CWE-306, CWE-862
Published: Tue May 27 2025 (05/27/2025, 07:52:40 UTC)
Source: CVE Database V5
Vendor/Project: Mobatime
Product: AMX MTAPI

Description

Missing Authentication & Authorization in the Web-API of Mobatime AMX MTAPI v6 on IIS allows adversaries unrestricted access via the network. The vulnerability is fixed in Version 1.5.

AI-Powered Analysis

Last updated: 07/11/2025, 11:32:43 UTC

Technical Analysis

CVE-2025-2407 is a critical vulnerability in Mobatime's AMX MTAPI version 6, specifically in its Web-API when hosted on Microsoft IIS. It stems from missing authentication and authorization controls (CWE-306 and CWE-862) on critical API functions, so any remote attacker can invoke those functions without credentials or user interaction: an adversary who can reach the service over the network can call the sensitive operations exposed by the API without restriction. The vulnerability is rated critical with a CVSS 4.0 base score of 9.3, reflecting its high impact and ease of exploitation. The attack vector is network-based (AV:N), with no privileges (PR:N) or user interaction (UI:N) required and no authentication enforced (AU:Y), resulting in high confidentiality, integrity, and availability impacts. The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component itself. Although no exploits are currently reported in the wild, the nature and severity of the flaw make it a prime target for exploitation. The vendor has addressed the issue in version 1.5 of the product, so versions prior to 1.5 remain vulnerable. The description names version 6 of AMX MTAPI as affected, while the affectedVersions field lists '0', which most likely means all versions prior to 1.5 or is a data-entry inconsistency. The vulnerability was reserved in March 2025 and published in May 2025, indicating recent discovery and disclosure.

Potential Impact

For European organizations, the impact of CVE-2025-2407 can be severe, especially for those relying on Mobatime AMX MTAPI for time management, access control, or other critical infrastructure functions. Unauthorized access to the Web-API could allow attackers to manipulate time synchronization, access control logs, or other sensitive data, potentially disrupting business operations, compromising data integrity, or enabling further lateral movement within networks. Given the criticality of time synchronization in financial services, manufacturing, transportation, and public sector operations, exploitation could lead to operational downtime, regulatory non-compliance, and reputational damage. The lack of authentication means attackers can exploit this vulnerability remotely without prior access, increasing the risk of widespread attacks. Additionally, since the product runs on IIS, a common web server platform in Europe, the attack surface is significant. The absence of known exploits currently provides a window for mitigation, but the critical severity demands immediate attention to prevent exploitation.

Mitigation Recommendations

European organizations using Mobatime AMX MTAPI should urgently upgrade to version 1.5 or later, where the vulnerability is fixed. Until the upgrade can be performed, organizations should implement network-level access controls to restrict access to the AMX MTAPI Web-API, such as firewall rules limiting connections to trusted hosts or VPNs. Deploying Web Application Firewalls (WAFs) with custom rules to detect and block unauthorized API calls can provide additional protection. Monitoring network traffic for unusual or unauthorized API requests is recommended to detect potential exploitation attempts. Organizations should also audit their IIS configurations to ensure minimal exposure of the vulnerable API endpoints and disable or isolate the AMX MTAPI service if not in active use. Finally, integrating this vulnerability into vulnerability management and patching workflows will ensure timely updates and reduce exposure.
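As an added example (not part of this advisory and not Mobatime's or OffSeq's code), the script below applies the monitoring recommendation above to IIS W3C-format logs: it flags requests to the Web-API path that were served without an authenticated user, which is exactly what CWE-306 permits, or that came from outside an allowlist of trusted hosts. The API path prefix `/mtapi/`, the trusted network `10.0.5.0/24` and the log lines are all assumed or constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Assumed: the MTAPI Web-API is served under this path (placeholder, not from the advisory).
MTAPI_PREFIX = "/mtapi/"
# Assumed: only hosts in these ranges are permitted to talk to the API.
TRUSTED_NETS = [ip_network("10.0.5.0/24")]

# Constructed sample of IIS W3C extended log lines (not a real capture).
# cs-username is "-" when IIS served the request anonymously.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2025-05-27 08:01:10 10.0.5.10 GET /mtapi/clocks - - 10.0.5.21 200
2025-05-27 08:01:12 10.0.5.10 POST /mtapi/settime - - 203.0.113.7 200
2025-05-27 08:01:15 10.0.5.10 GET /mtapi/config - svc_ops 10.0.5.22 200
2025-05-27 08:01:20 10.0.5.10 GET /index.html - - 203.0.113.7 200
"""


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def flag_unauthorized_api_calls(text, prefix=MTAPI_PREFIX, trusted=TRUSTED_NETS):
    """Return (c-ip, method, uri, reason) for API hits served anonymously or from untrusted sources."""
    findings = []
    for rec in parse_w3c(text):
        uri = rec.get("cs-uri-stem", "")
        if not uri.startswith(prefix):
            continue  # not an API call, ignore
        src = ip_address(rec["c-ip"])
        anonymous = rec.get("cs-username", "-") == "-"
        outside = not any(src in net for net in trusted)
        if anonymous or outside:
            reason = "untrusted-source" if outside else "anonymous"
            findings.append((rec["c-ip"], rec["cs-method"], uri, reason))
    return findings


if __name__ == "__main__":
    for finding in flag_unauthorized_api_calls(SAMPLE_LOG):
        print(*finding)
```

An anonymous call answered with status 200 to the API path is the signature of the missing authentication; after the upgrade to 1.5 such hits should no longer appear with a 200 status.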


Technical Details

Data Version: 5.1
Assigner Short Name: NCSC.ch
Date Reserved: 2025-03-17T12:57:47.910Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6835ae13182aa0cae20f9ce5

Added to database: 5/27/2025, 12:20:35 PM

Last enriched: 7/11/2025, 11:32:43 AM

Last updated: 7/30/2025, 4:10:13 PM