CVE-2025-4536: Information Disclosure in Gosuncn Technology Group Audio-Visual Integrated Management Platform
A vulnerability has been found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmgr/user/listByPage. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-4536 is a critical information disclosure vulnerability identified in version 1.0 of the Gosuncn Technology Group Audio-Visual Integrated Management Platform. The vulnerability resides in an unspecified functionality related to the endpoint /sysmgr/user/listByPage. This endpoint, when manipulated remotely without any authentication or user interaction, allows an attacker to access sensitive information that should otherwise be protected. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The vector details reveal that the attack can be performed remotely (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N), no user interaction (UI:N), and results in low impact on confidentiality (VC:L) but no impact on integrity or availability. The vendor has been contacted but has not responded or provided a patch, and while the exploit has been publicly disclosed, there are no known exploits actively used in the wild at this time. The lack of authentication and user interaction requirements combined with remote exploitability makes this vulnerability a notable risk, especially for organizations using this platform to manage audio-visual systems, which may contain sensitive user or operational data. The disclosure of such information could facilitate further attacks or unauthorized surveillance.
Potential Impact
For European organizations using the Gosuncn Audio-Visual Integrated Management Platform, this vulnerability poses a significant risk of unauthorized information disclosure. The exposed data could include user lists, system configurations, or other sensitive operational details that could be leveraged for espionage, targeted attacks, or disruption of critical audio-visual infrastructure. Given the platform's role in integrated management, attackers could gain insights into organizational structures or security postures. This is particularly concerning for sectors such as government, critical infrastructure, education, and large enterprises that rely on such platforms for secure communications and monitoring. The absence of a vendor patch increases the window of exposure, and the public availability of exploit details lowers the barrier for attackers. While no active exploitation is currently reported, the potential for rapid weaponization exists, especially in the context of geopolitical tensions or cyber espionage campaigns targeting European entities.
Mitigation Recommendations
Organizations should immediately assess their exposure by identifying any deployments of Gosuncn Technology Group Audio-Visual Integrated Management Platform version 1.0. In the absence of an official patch, network-level mitigations should be implemented, such as restricting access to the /sysmgr/user/listByPage endpoint via firewall rules or network segmentation to trusted administrative networks only. Employing web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting this endpoint can reduce risk. Monitoring network traffic and logs for unusual access patterns or attempts to query this endpoint is critical. Additionally, organizations should consider isolating the affected platform from the internet or untrusted networks until a vendor patch or workaround is available. Engaging with the vendor for updates and following threat intelligence feeds for any emerging exploit activity is recommended. Finally, organizations should review and harden access controls and audit logs on the platform to detect and respond to any unauthorized access attempts.
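The recommendations above call for monitoring logs for requests to the /sysmgr/user/listByPage endpoint from outside trusted administrative networks. The following script is an added example, not code from the advisory, from VulDB or from the vendor: it parses combined-format access log lines from a reverse proxy in front of the platform, flags requests to the affected path that originate outside an assumed administrative network (10.10.0.0/24 is a placeholder), records whether the request was actually served (2xx status), and summarises hits per source address for triage. The log lines are constructed samples, not real traffic.

```python
import ipaddress
import re
from collections import Counter

# Endpoint named in the advisory for CVE-2025-4536.
AFFECTED_PATH = "/sysmgr/user/listByPage"

# Assumption: administrative use of the platform is only expected from this
# management network. Replace with the real allowlist for the deployment.
ADMIN_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]

# Combined log format as written by nginx/Apache style reverse proxies:
# ip ident user [timestamp] "METHOD path protocol" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample access-log lines (not real traffic). 10.10.0.5 is inside
# the admin network; the other addresses are documentation ranges used here
# as stand-ins for untrusted sources.
SAMPLE_LOG = """\
10.10.0.5 - - [21/May/2025:09:00:01 +0000] "GET /sysmgr/user/listByPage HTTP/1.1" 200 4821
203.0.113.44 - - [21/May/2025:09:02:17 +0000] "GET /sysmgr/user/listByPage HTTP/1.1" 200 4821
203.0.113.44 - - [21/May/2025:09:02:18 +0000] "POST /sysmgr/user/listByPage HTTP/1.1" 200 4790
198.51.100.9 - - [21/May/2025:09:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.9 - - [21/May/2025:09:05:03 +0000] "GET /sysmgr/user/listByPage HTTP/1.1" 200 3310
192.0.2.77 - - [21/May/2025:09:07:41 +0000] "GET /sysmgr/user/listByPage HTTP/1.1" 403 162
"""


def is_admin_source(ip_str):
    """True if the client address falls inside one of the allowlisted admin networks."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in ADMIN_NETWORKS)


def parse_line(line):
    """Parse one combined-format log line; return a dict of fields or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_suspicious_requests(log_text):
    """Return every request to the affected path from a non-admin source.

    Each record carries 'served', which is True when the platform answered with
    a 2xx status, i.e. the request most likely returned user data rather than
    being rejected by a WAF or firewall rule.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Ignore any query string when comparing the path.
        path = rec["path"].split("?", 1)[0]
        if path != AFFECTED_PATH or is_admin_source(rec["ip"]):
            continue
        status = int(rec["status"])
        hits.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "method": rec["method"],
            "status": status,
            "served": 200 <= status < 300,
        })
    return hits


def summarize_by_source(hits):
    """Count flagged requests per source address; the basis for blocking or escalation."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_suspicious_requests(SAMPLE_LOG)
    for h in found:
        flag = "SERVED" if h["served"] else "blocked"
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {AFFECTED_PATH} -> {h["status"]} ({flag})')
    print("per-source counts:", dict(summarize_by_source(found)))
```

Requests from the admin network to the endpoint are deliberately not flagged, so the output concentrates on the cases the advisory's network-level mitigations are meant to prevent; a non-empty list of served hits from outside the allowlist is the signal that the segmentation or WAF rule is missing or misconfigured.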
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-10T06:05:18.123Z
- CISA Enriched: true
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682d9817c4522896dcbd7034
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/12/2025, 4:34:41 AM
Last updated: 11/22/2025, 6:04:21 PM