CVE-2025-43928 is a path traversal vulnerability identified in Infodraw Media Relay Service (MRS) version 7.1.0.0. The vulnerability exists in the MRS web server, which listens on port 12654. Specifically, the flaw allows an attacker to manipulate the username field to include '../' sequences, enabling directory traversal beyond the intended directory scope. This unauthorized traversal permits reading arbitrary files on the server filesystem. A critical file that can be accessed through this vulnerability is ServerParameters.xml, which contains administrator credentials either in cleartext or hashed using MD5. The exposure of these credentials could allow an attacker to escalate privileges or gain persistent access to the system. The vulnerability is categorized under CWE-24 (Path Traversal), indicating improper sanitization or validation of user-supplied input used in file path construction. No patches or fixes have been published at the time of this report, and there are no known exploits in the wild. The vulnerability was published on April 20, 2025, and has been enriched by CISA, highlighting its relevance. The attack vector requires no authentication, as the username field is part of the web server interface, and no user interaction beyond sending crafted requests is necessary. The ease of exploitation is high due to the straightforward nature of directory traversal attacks and the direct exposure of sensitive configuration files. The impact includes potential compromise of confidentiality (exposure of admin credentials), integrity (if credentials are used to modify system settings), and availability (through potential further exploitation).

For European organizations using Infodraw Media Relay Service 7.1.0.0, this vulnerability poses a significant risk. The ability to read arbitrary files, especially those containing administrator credentials, can lead to unauthorized access and control over the affected systems. This could result in data breaches, disruption of media relay services critical for communication infrastructure, and potential lateral movement within networks. Organizations in sectors such as telecommunications, media broadcasting, and any enterprise relying on Infodraw MRS for real-time media streaming or relay are particularly at risk. The exposure of credentials hashed with MD5, a weak hashing algorithm, further exacerbates the risk as attackers can potentially crack these hashes to obtain plaintext passwords. The lack of authentication requirement means that attackers can exploit this vulnerability remotely without prior access, increasing the threat surface. Given the strategic importance of media relay services in communication and broadcasting, exploitation could disrupt services and damage organizational reputation. Additionally, compromised credentials may be used to deploy further malware or ransomware, amplifying the impact on confidentiality, integrity, and availability.

Implement strict input validation and sanitization on the username field to prevent directory traversal sequences such as '../'. Restrict the web server's file system permissions to limit access only to necessary directories, preventing exposure of sensitive files like ServerParameters.xml. Isolate the MRS web server in a segmented network zone with strict firewall rules limiting access to trusted IP addresses and networks. Monitor and log all access attempts to the MRS web server, especially requests containing suspicious patterns indicative of directory traversal. If possible, disable or restrict access to the web server interface on port 12654 from untrusted networks until a patch is available. Conduct regular audits of configuration files and credentials, replacing any exposed or weakly hashed passwords with stronger cryptographic hashes and multi-factor authentication where applicable. Engage with Infodraw for updates or patches and apply them promptly once available. Consider deploying Web Application Firewalls (WAF) with rules specifically designed to detect and block directory traversal attempts targeting the MRS web server.