CVE-2025-48045: CWE-201 Insertion of Sensitive Information Into Sent Data in MICI Network Co. Ltd. NetFax Server
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
AI Analysis
Technical Summary
CVE-2025-48045 is a high-severity vulnerability affecting MICI Network Co. Ltd.'s NetFax Server product. The vulnerability is categorized under CWE-201, which involves the insertion of sensitive information into sent data. Specifically, an unauthenticated attacker can send an HTTP GET request to the /client.php endpoint of the NetFax Server and receive a response containing the default administrator user credentials. This flaw allows an attacker to obtain privileged access information without any authentication, effectively bypassing access controls. The vulnerability has a CVSS 4.0 base score of 8.7, indicating a high impact with network attack vector, no required privileges, no user interaction, and complete confidentiality compromise. The vulnerability affects version 0 of the product, which likely refers to an initial or early release. No patches or known exploits in the wild have been reported yet. The core technical issue is that sensitive credentials are embedded in server responses to unauthenticated requests, exposing the system to credential disclosure and subsequent unauthorized access or lateral movement within the network.
Potential Impact
For European organizations using MICI Network Co. Ltd.'s NetFax Server, this vulnerability poses a significant risk. Disclosure of default administrator credentials can lead to full administrative control over the fax server, enabling attackers to intercept, modify, or delete fax communications, which may contain sensitive or regulated information. This can result in breaches of confidentiality and integrity, potentially violating GDPR and other data protection regulations. Moreover, compromised fax servers can serve as pivot points for further network intrusion, increasing the risk of ransomware or espionage attacks. The unauthenticated nature of the exploit means attackers can remotely target vulnerable servers without prior access, increasing the attack surface. Given the critical role fax servers may still play in certain regulated industries such as healthcare, legal, and government sectors in Europe, the impact could be severe, including operational disruption and reputational damage.
Mitigation Recommendations
Immediate mitigation should focus on restricting access to the /client.php endpoint to trusted internal networks only, using network segmentation and firewall rules. Organizations should disable or change default administrator credentials if possible, even before patches are available. Monitoring and logging HTTP requests to detect suspicious access patterns targeting /client.php can help identify exploitation attempts. Since no patches are currently available, organizations should consider isolating or decommissioning vulnerable NetFax Server instances until a vendor fix is released. Employing web application firewalls (WAFs) with custom rules to block unauthenticated requests to sensitive endpoints can provide an additional layer of defense. Finally, organizations should engage with MICI Network Co. Ltd. for timely updates and patches and plan for rapid deployment once available.
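The monitoring recommendation above can be implemented as a small log check. The following is an added example, not vendor or Rapid7 code: it scans access logs for requests to /client.php from outside trusted networks and records whether each was served or blocked. The trusted network ranges, the "combined" log format, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): trusted source networks and a front-end
# web server or proxy that writes Apache/nginx "combined" access logs.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
ENDPOINT = "/client.php"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def hits_endpoint(target):
    """True if the request target resolves to the endpoint after normalization."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path)).lower()
    # Also match PATH_INFO-style suffixes such as /client.php/x.
    return path == ENDPOINT or path.startswith(ENDPOINT + "/")

def is_trusted(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # hostname or malformed value in the client field
        return False
    return any(addr in net for net in TRUSTED_NETS)

def find_exposures(lines):
    """Return one finding per request to the endpoint from an untrusted source."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not hits_endpoint(m["target"]) or is_trusted(m["ip"]):
            continue
        # A 2xx answer means the response body may have reached the requester:
        # treat the default administrator credentials as disclosed.
        outcome = "served" if m["status"].startswith("2") else "blocked"
        findings.append({"ip": m["ip"], "time": m["ts"], "target": m["target"],
                         "status": int(m["status"]), "outcome": outcome})
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.4.17 - - [29/May/2025:12:01:10 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.45 - - [29/May/2025:12:03:44 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [29/May/2025:12:05:02 +0000] "GET /Client%2Ephp?x=1 HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.45 - - [29/May/2025:12:06:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.9 - - [29/May/2025:12:07:31 +0000] "GET //client.php/ HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_LOG):
        print(finding)
```

A "served" finding from an untrusted address is the case to escalate: change the administrator credentials and review subsequent logins. A "blocked" finding shows the access restriction is working but the endpoint is being probed.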
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: rapid7
- Date Reserved: 2025-05-15T13:38:26.770Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68385671182aa0cae27ce98f
Added to database: 5/29/2025, 12:43:29 PM
Last enriched: 7/8/2025, 3:39:36 AM
Last updated: 1/7/2026, 4:53:04 AM