
CVE-2025-48045: CWE-201 Insertion of Sensitive Information Into Sent Data in MICI Network Co. Ltd. NetFax Server

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-48045, cwe-201
Published: Thu May 29 2025 (05/29/2025, 12:29:33 UTC)
Source: CVE Database V5
Vendor/Project: MICI Network Co. Ltd.
Product: NetFax Server

Description

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.

AI-Powered Analysis

Last updated: 07/08/2025, 03:39:36 UTC

Technical Analysis

CVE-2025-48045 is a high-severity vulnerability affecting MICI Network Co. Ltd.'s NetFax Server product. The vulnerability is categorized under CWE-201, which involves the insertion of sensitive information into sent data. Specifically, an unauthenticated attacker can send an HTTP GET request to the /client.php endpoint of the NetFax Server and receive a response containing the default administrator user credentials. This flaw allows an attacker to obtain privileged access information without any authentication, effectively bypassing access controls. The vulnerability has a CVSS 4.0 base score of 8.7, indicating a high impact with network attack vector, no required privileges, no user interaction, and complete confidentiality compromise. The vulnerability affects version 0 of the product, which likely refers to an initial or early release. No patches or known exploits in the wild have been reported yet. The core technical issue is that sensitive credentials are embedded in server responses to unauthenticated requests, exposing the system to credential disclosure and subsequent unauthorized access or lateral movement within the network.

Potential Impact

For European organizations using MICI Network Co. Ltd.'s NetFax Server, this vulnerability poses a significant risk. Disclosure of default administrator credentials can lead to full administrative control over the fax server, enabling attackers to intercept, modify, or delete fax communications, which may contain sensitive or regulated information. This can result in breaches of confidentiality and integrity, potentially violating GDPR and other data protection regulations. Moreover, compromised fax servers can serve as pivot points for further network intrusion, increasing the risk of ransomware or espionage attacks. The unauthenticated nature of the exploit means attackers can remotely target vulnerable servers without prior access, increasing the attack surface. Given the critical role fax servers may still play in certain regulated industries such as healthcare, legal, and government sectors in Europe, the impact could be severe, including operational disruption and reputational damage.

Mitigation Recommendations

Immediate mitigation should focus on restricting access to the /client.php endpoint to trusted internal networks only, using network segmentation and firewall rules. Organizations should disable or change default administrator credentials if possible, even before patches are available. Monitoring and logging HTTP requests to detect suspicious access patterns targeting /client.php can help identify exploitation attempts. Since no patches are currently available, organizations should consider isolating or decommissioning vulnerable NetFax Server instances until a vendor fix is released. Employing web application firewalls (WAFs) with custom rules to block unauthenticated requests to sensitive endpoints can provide an additional layer of defense. Finally, organizations should engage with MICI Network Co. Ltd. for timely updates and patches and plan for rapid deployment once available.
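
The following Python is an added example, not part of the original advisory or any vendor code. It implements the log-monitoring recommendation above by flagging GET requests to /client.php that come from outside trusted networks. The combined access-log format, the trusted CIDR ranges, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: internal ranges allowed to reach the endpoint; adjust to your network.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SENSITIVE_PATH = "/client.php"  # endpoint named in the advisory

# Assumption: the fronting web server writes Apache/nginx "combined" format logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, decode percent-escapes and lowercase the path,
    so differently written requests for the same endpoint still match."""
    return unquote(urlsplit(target).path).lower()

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable client field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(lines):
    """Return (ip, timestamp, status) for GETs to the endpoint from untrusted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if normalize_path(m["target"]) == SENSITIVE_PATH and not is_trusted(m["ip"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [29/May/2025:12:00:01 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [29/May/2025:12:05:44 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '198.51.100.9 - - [29/May/2025:12:06:10 +0000] "GET /Client.php?x=1 HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.7 - - [29/May/2025:12:07:02 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status in find_suspicious(SAMPLE_LOG):
        note = "served: rotate admin credentials" if status == 200 else "blocked"
        print(f"{ts} {ip} -> {SENSITIVE_PATH} status={status} ({note})")
```

A hit with status 200 means the response was served to an untrusted source, so the default administrator credentials should be treated as disclosed and changed.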


Technical Details

Data Version: 5.1
Assigner Short Name: rapid7
Date Reserved: 2025-05-15T13:38:26.770Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68385671182aa0cae27ce98f

Added to database: 5/29/2025, 12:43:29 PM

Last enriched: 7/8/2025, 3:39:36 AM

Last updated: 8/16/2025, 8:07:47 AM
