CVE-2025-47222: n/a
A class name enumeration issue was found in Keyfactor SignServer versions prior to 7.3.2. Setting an arbitrary class name on any property that requires a class path is not expected to return different errors depending on whether the class exists in the deployment, yet the errors differ. This reveals to the client side which classes are loaded in the application and which are not.
AI Analysis
Technical Summary
CVE-2025-47222 is a vulnerability identified in Keyfactor SignServer versions prior to 7.3.2 involving class name enumeration. The issue arises because when a client supplies a class name to properties that require a class path, the server's error responses differ depending on whether the class exists in the deployed application or not. This discrepancy allows an unauthenticated remote attacker to enumerate the classes loaded within the application environment by analyzing the error messages returned. The vulnerability falls under CWE-284 (Improper Access Control), as the application inadvertently reveals internal implementation details that should remain confidential. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), limited confidentiality impact (C:L), no integrity impact (I:N), and low availability impact (A:L). Although the vulnerability does not allow direct code execution or data modification, the information disclosure can aid attackers in crafting targeted exploits or bypassing security controls by understanding the internal class structure. No patches or exploits are currently documented, but the issue is publicly known and should be addressed promptly.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of information leakage that can facilitate further attacks. Keyfactor SignServer is used for certificate lifecycle management, digital signing, and cryptographic operations, often within critical infrastructure and regulated industries. Attackers leveraging class enumeration can gain insights into the server's internal architecture, potentially enabling them to identify vulnerable components or misconfigurations. This reconnaissance can lead to more sophisticated attacks such as privilege escalation, code injection, or bypassing security mechanisms. The availability impact is low but present, as malformed requests could potentially cause minor service disruptions. Confidentiality impact is limited to class presence information, but in sensitive environments, even this can be valuable. European entities relying on Keyfactor SignServer for secure certificate management, especially in finance, government, and telecommunications sectors, may face increased risk if this vulnerability is exploited as part of a multi-stage attack.
Mitigation Recommendations
European organizations should immediately verify their Keyfactor SignServer versions and upgrade to version 7.3.2 or later where this vulnerability is resolved. In the absence of an official patch, administrators should implement strict input validation and error handling to prevent differential error messages that reveal class existence. Network-level controls such as web application firewalls (WAFs) can be configured to detect and block suspicious requests attempting class path enumeration. Monitoring and logging should be enhanced to detect anomalous access patterns indicative of reconnaissance activities. Additionally, limiting exposure of the SignServer interface to trusted networks and enforcing strong authentication and authorization controls can reduce the attack surface. Regular security assessments and penetration testing focusing on error message handling and information disclosure should be conducted to identify similar issues proactively.
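As an added illustration (not SignServer code), the following models the error-message oracle described in the technical summary next to the uniform error handling the mitigation paragraph calls for; the property name EXAMPLE.CLASSPATH, the allow-list contents and all method names are hypothetical.

```java
import java.util.Set;

// Added illustration, not SignServer code: the class-existence oracle described for
// CVE-2025-47222 next to a handler that returns one uniform client message and keeps
// the detail in the server log. EXAMPLE.CLASSPATH and all method names are hypothetical.
public class ClassPropertyOracle {

    /** Leaky pattern: the client can tell "class missing" from "class present". */
    static String setClassPropertyLeaky(String property, String className) {
        try {
            Class<?> cls = Class.forName(className);
            return "Error: " + cls.getName() + " is not a valid implementation for " + property;
        } catch (ClassNotFoundException e) {
            return "Error: class " + className + " not found";
        }
    }

    /** Hardened pattern: allow-list first, then one generic message for every rejection. */
    static String setClassPropertyUniform(String property, String className,
                                          Set<String> allowed, StringBuilder serverLog) {
        String generic = "Error: invalid value for property " + property;
        if (!allowed.contains(className)) {
            serverLog.append("rejected (not allow-listed) ").append(property)
                     .append('=').append(className).append('\n');
            return generic;
        }
        try {
            Class.forName(className);
            return "OK";
        } catch (ClassNotFoundException e) {
            serverLog.append("rejected (not loadable) ").append(property)
                     .append('=').append(className).append('\n');
            return generic;
        }
    }

    public static void main(String[] args) {
        String present = "java.lang.String";         // loads in every JVM
        String missing = "com.example.NoSuchClass";  // constructed name that never exists
        String prop = "EXAMPLE.CLASSPATH";
        System.out.println(setClassPropertyLeaky(prop, present));   // names the class
        System.out.println(setClassPropertyLeaky(prop, missing));   // says "not found"
        StringBuilder log = new StringBuilder();
        Set<String> allowed = Set.of("com.example.ApprovedSigner"); // constructed allow-list
        System.out.println(setClassPropertyUniform(prop, present, allowed, log));
        System.out.println(setClassPropertyUniform(prop, missing, allowed, log));
        System.out.print(log); // server-side only; the two client responses above are identical
    }
}
```

The order of checks matters: because the allow-list check runs before Class.forName, a name that is not on the list never triggers class loading, so neither the message nor the loading behaviour distinguishes present from absent classes.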
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-05-02T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 691649d9819e592e58d3e48d
Added to database: 11/13/2025, 9:12:57 PM
Last enriched: 12/17/2025, 8:07:47 PM
Last updated: 12/30/2025, 11:34:25 AM