CVE-2025-48045: CWE-201 Insertion of Sensitive Information Into Sent Data in MICI Network Co. Ltd. NetFax Server
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
AI Analysis
Technical Summary
CVE-2025-48045 is a high-severity vulnerability affecting MICI Network Co. Ltd.'s NetFax Server product. The vulnerability is categorized under CWE-201, which involves the insertion of sensitive information into sent data. Specifically, an unauthenticated attacker can send an HTTP GET request to the /client.php endpoint of the NetFax Server and receive a response containing the default administrator user credentials. This flaw allows an attacker to obtain privileged access information without any authentication, effectively bypassing access controls. The vulnerability has a CVSS 4.0 base score of 8.7, indicating a high impact with network attack vector, no required privileges, no user interaction, and complete confidentiality compromise. The vulnerability affects version 0 of the product, which likely refers to an initial or early release. No patches or known exploits in the wild have been reported yet. The core technical issue is that sensitive credentials are embedded in server responses to unauthenticated requests, exposing the system to credential disclosure and subsequent unauthorized access or lateral movement within the network.
Potential Impact
For European organizations using MICI Network Co. Ltd.'s NetFax Server, this vulnerability poses a significant risk. Disclosure of default administrator credentials can lead to full administrative control over the fax server, enabling attackers to intercept, modify, or delete fax communications, which may contain sensitive or regulated information. This can result in breaches of confidentiality and integrity, potentially violating GDPR and other data protection regulations. Moreover, compromised fax servers can serve as pivot points for further network intrusion, increasing the risk of ransomware or espionage attacks. The unauthenticated nature of the exploit means attackers can remotely target vulnerable servers without prior access, increasing the attack surface. Given the critical role fax servers may still play in certain regulated industries such as healthcare, legal, and government sectors in Europe, the impact could be severe, including operational disruption and reputational damage.
Mitigation Recommendations
Immediate mitigation should focus on restricting access to the /client.php endpoint to trusted internal networks only, using network segmentation and firewall rules. Organizations should disable or change default administrator credentials if possible, even before patches are available. Monitoring and logging HTTP requests to detect suspicious access patterns targeting /client.php can help identify exploitation attempts. Since no patches are currently available, organizations should consider isolating or decommissioning vulnerable NetFax Server instances until a vendor fix is released. Employing web application firewalls (WAFs) with custom rules to block unauthenticated requests to sensitive endpoints can provide an additional layer of defense. Finally, organizations should engage with MICI Network Co. Ltd. for timely updates and patches and plan for rapid deployment once available.
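The monitoring step above can be run as a log sweep. The following is an added example, not code from the vendor or from this advisory; it assumes the web server in front of NetFax writes Apache/nginx-style common or combined access logs, and the trusted network ranges and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: internal ranges that are allowed to reach the endpoint.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_client_php(target):
    """True if the request path resolves to /client.php after decoding."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0]).lower()
    # Drop empty and "." segments so "//client.php" or "/./client.php" still match.
    parts = [p for p in path.split("/") if p not in ("", ".")]
    return parts == ["client.php"]

def find_untrusted_hits(lines):
    """Return (ip, timestamp, status) for /client.php requests from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_client_php(m["target"]):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed field; skip rather than guess
        if not any(src in net for net in TRUSTED_NETS):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.4.17 - - [29/May/2025:12:01:10 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.45 - - [29/May/2025:12:03:22 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [29/May/2025:12:04:02 +0000] "GET /%63lient.php?x=1 HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.45 - - [29/May/2025:12:05:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status in find_untrusted_hits(SAMPLE_LOG):
        print(f"{ts} {ip} /client.php status={status}")
```

A hit with status 200 means the response was served to an untrusted source, so the default administrator credentials should be treated as disclosed and changed; a 403 shows the access restriction held.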
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: rapid7
- Date Reserved: 2025-05-15T13:38:26.770Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68385671182aa0cae27ce98f
Added to database: 5/29/2025, 12:43:29 PM
Last enriched: 7/8/2025, 3:39:36 AM
Last updated: 8/16/2025, 8:07:47 AM