
CVE-2025-49143: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in nautobot nautobot

Medium
Tags: Vulnerability, CVE-2025-49143, cve, cwe-200
Published: Tue Jun 10 2025 (06/10/2025, 15:43:59 UTC)
Source: CVE Database V5
Vendor/Project: nautobot
Product: nautobot

Description

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.

AI-Powered Analysis

Last updated: 07/10/2025, 19:05:53 UTC

Technical Analysis

CVE-2025-49143 is a medium-severity vulnerability affecting Nautobot, a network source of truth and network automation platform widely used for managing network infrastructure. The vulnerability arises from the way Nautobot handles user-uploaded files stored in its MEDIA_ROOT directory. Specifically, prior to versions 1.6.32 and 2.4.10, files such as DeviceType image attachments and images linked to Locations, Devices, or Racks are served via a URL endpoint that does not enforce user authentication. This means that any anonymous user who can guess or discover the URL of these files can access potentially sensitive images without authorization. The issue is classified under CWE-200, indicating exposure of sensitive information to unauthorized actors. The vulnerability has a CVSS 4.0 base score of 6.3, reflecting a medium severity level. The attack vector is network-based (AV:N), with high attack complexity (AC:H), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to confidentiality (VC:L) with no impact on integrity or availability. Nautobot versions 1.6.32 and 2.4.10 have addressed this issue by enforcing user authentication on the affected endpoint, thereby preventing unauthorized access to uploaded files. There are no known exploits in the wild at this time.
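The defect described above is a missing authentication check on a file-serving view, and the fix is to refuse the request before any filesystem access. The following is an added example written for this page, not Nautobot's own code: a framework-free, stdlib-only sketch of a MEDIA_ROOT handler in its pre-fix and post-fix shapes. The `Request`/`Response` types, the temporary MEDIA_ROOT and the sample file are assumptions constructed for the example; the path-containment check is included because a media endpoint needs it regardless of the authentication fix.

```python
"""Added example (not Nautobot's code): the pattern behind CVE-2025-49143.

A file-serving endpoint for MEDIA_ROOT that omits an authentication check
lets anyone who knows the URL fetch the file; the fix is to require an
authenticated user before touching the filesystem. The request/response
types, MEDIA_ROOT location and sample file are constructed for this example.
"""
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

# Constructed MEDIA_ROOT containing one "uploaded" DeviceType image.
MEDIA_ROOT = tempfile.mkdtemp(prefix="media_root_")
os.makedirs(os.path.join(MEDIA_ROOT, "devicetype-images"), exist_ok=True)
with open(os.path.join(MEDIA_ROOT, "devicetype-images", "front.png"), "wb") as fh:
    fh.write(b"\x89PNG constructed image bytes")


@dataclass
class Request:
    path: str                 # URL path below the media prefix (hypothetical)
    user_authenticated: bool  # result of the framework's session/token check


@dataclass
class Response:
    status: int
    body: bytes = b""


def _resolve_media_path(relative_path: str) -> Optional[str]:
    """Map a URL path onto MEDIA_ROOT, rejecting anything that escapes it."""
    root = os.path.realpath(MEDIA_ROOT)
    candidate = os.path.realpath(os.path.join(root, relative_path))
    # commonpath guards against "../" segments and absolute paths alike.
    if os.path.commonpath([candidate, root]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def serve_media_vulnerable(request: Request) -> Response:
    """Before the fix: no authentication check, so the URL alone is the gate."""
    target = _resolve_media_path(request.path)
    if target is None:
        return Response(404)
    with open(target, "rb") as fh:
        return Response(200, fh.read())


def serve_media_fixed(request: Request) -> Response:
    """After the fix: anonymous requests are refused before any file I/O."""
    if not request.user_authenticated:
        return Response(401)
    target = _resolve_media_path(request.path)
    if target is None:
        return Response(404)
    with open(target, "rb") as fh:
        return Response(200, fh.read())
```

The authentication check sits ahead of path resolution so that an anonymous client learns nothing, not even whether a guessed filename exists; in the vulnerable shape the 200/404 distinction alone confirms guesses.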

Potential Impact

For European organizations using Nautobot, this vulnerability could lead to unauthorized disclosure of sensitive network-related images and documentation. Such information might include device types, rack layouts, or location-specific network diagrams, which could aid an attacker in reconnaissance activities or facilitate further targeted attacks. Although the vulnerability does not allow modification or disruption of data, the exposure of internal network details can compromise operational security and privacy. Organizations in sectors with stringent data protection regulations, such as finance, healthcare, and critical infrastructure, may face compliance risks if sensitive information is leaked. The ease of exploitation is mitigated by the need to guess or discover URLs, but automated scanning tools could facilitate this. The lack of authentication enforcement prior to patching means that any external or internal unauthorized user could potentially access these files, increasing the risk surface.

Mitigation Recommendations

European organizations should immediately upgrade Nautobot installations to versions 1.6.32 or 2.4.10 or later to ensure the authentication enforcement is in place. Until upgrades can be performed, organizations should restrict network access to the MEDIA_ROOT directory endpoint using network segmentation, firewall rules, or reverse proxy authentication layers to prevent anonymous access. Additionally, organizations should audit existing uploaded files for sensitive content and consider removing or re-uploading files with stricter access controls. Implementing monitoring and alerting for unusual access patterns to these endpoints can help detect potential exploitation attempts. Regularly reviewing and updating access control policies for network management platforms is recommended to prevent similar issues. Finally, organizations should educate administrators about the importance of applying security patches promptly and verifying that authentication mechanisms are correctly enforced on all endpoints serving sensitive data.
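The interim recommendation above to monitor the media endpoint for unusual access patterns can be turned into a concrete check on reverse-proxy access logs: filename guessing against MEDIA_ROOT shows up as one client issuing many requests under the media prefix with a high proportion of 404s. The following is an added example written for this page, not a tool shipped with Nautobot: a stdlib-only detector over constructed nginx "combined" log lines. The `/media/` prefix, the five-minute window and the thresholds are assumptions to tune for the deployment.

```python
"""Added example (not part of the advisory): flag URL-guessing against the
media endpoint in reverse-proxy access logs while the upgrade is pending.
Log lines are constructed in nginx "combined" format; the /media/ prefix,
window and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+'
)
MEDIA_PREFIX = "/media/"   # assumed URL prefix under which MEDIA_ROOT is served
WINDOW = timedelta(minutes=5)
MIN_REQUESTS = 5           # fewer media requests than this is ordinary browsing
MIN_MISS_RATIO = 0.5       # guessing filenames produces mostly 404s

# Constructed sample: one browser session and one scripted guessing run.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:15:40:01 +0000] "GET /media/devicetype-images/front.png HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2025:15:40:05 +0000] "GET /media/devicetype-images/1.png HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.9 - - [10/Jun/2025:15:40:05 +0000] "GET /media/devicetype-images/2.png HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.9 - - [10/Jun/2025:15:40:06 +0000] "GET /media/devicetype-images/3.png HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.9 - - [10/Jun/2025:15:40:06 +0000] "GET /media/devicetype-images/front.png HTTP/1.1" 200 8120 "-" "python-requests/2.31"
198.51.100.9 - - [10/Jun/2025:15:40:07 +0000] "GET /media/devicetype-images/rear.png HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.9 - - [10/Jun/2025:15:40:07 +0000] "GET /media/rack-images/1.png HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jun/2025:15:41:30 +0000] "GET /dcim/devices/ HTTP/1.1" 200 41200 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, timestamp, path, status) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def find_media_enumeration(log_text):
    """Return {ip: {"requests", "misses", "hits"}} for clients whose /media/
    traffic inside one window looks like filename guessing. "hits" lists the
    files that were actually retrieved, which is what an incident review needs."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2].startswith(MEDIA_PREFIX):
            per_ip[rec[0]].append(rec)

    flagged = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r[1])
        start = 0
        # Sliding window over timestamps; the last qualifying window wins.
        for end in range(len(recs)):
            while recs[end][1] - recs[start][1] > WINDOW:
                start += 1
            window = recs[start:end + 1]
            misses = sum(1 for r in window if r[3] == 404)
            if len(window) >= MIN_REQUESTS and misses / len(window) >= MIN_MISS_RATIO:
                flagged[ip] = {
                    "requests": len(window),
                    "misses": misses,
                    "hits": sorted({r[2] for r in window if r[3] == 200}),
                }
    return flagged


if __name__ == "__main__":
    for ip, info in find_media_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {info['requests']} media requests, {info['misses']} misses, retrieved {info['hits']}")
```

A single 404-heavy burst is the signal; once the upgrade is in place the same query stays useful, since anonymous guesses then produce 401/403 responses instead and the ratio can be widened to count those.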


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-06-02T10:39:41.634Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68487f4f1b0bd07c393898c3

Added to database: 6/10/2025, 6:54:07 PM

Last enriched: 7/10/2025, 7:05:53 PM

Last updated: 8/13/2025, 1:32:37 PM
