CVE-2025-51539 is a critical unauthenticated arbitrary file read vulnerability found in EzGED3 version 3.5.0. The vulnerability arises due to improper access control and insufficient input validation in a PHP script exposed via the web interface. Specifically, the script accepts a path parameter that is vulnerable to directory traversal attacks, allowing a remote attacker to read arbitrary files on the server filesystem without any authentication. By exploiting this flaw, attackers can access sensitive files such as configuration files, database dumps, source code, and password reset tokens. This exposure is particularly dangerous if phpMyAdmin is also exposed on the same environment, as attackers can extract database credentials and gain direct administrative access to the database. Even in the absence of phpMyAdmin, attackers can leverage the ability to read raw MySQL data files to extract full database contents. The root cause is the lack of authentication checks and secure path handling in the vulnerable script. The vendor has addressed this issue in version 3.5.72.27183. No CVSS score has been assigned yet, but the vulnerability enables significant confidentiality breaches and potential integrity compromises due to unauthorized data access and possible privilege escalation. No known exploits are currently reported in the wild, but the vulnerability is publicly disclosed and thus poses a risk of exploitation.

For European organizations using EzGED3 3.5.0, this vulnerability poses a severe risk to confidentiality and integrity of sensitive data. Unauthorized file reads can expose critical information such as database credentials, personally identifiable information (PII), intellectual property, and system configuration details. This can lead to data breaches, regulatory non-compliance (e.g., GDPR violations), and reputational damage. If attackers gain database administrative access via extracted credentials, they can manipulate or delete data, causing operational disruption and loss of data integrity. The ability to extract full database contents also increases the risk of widespread data leakage. Given the unauthenticated nature of the vulnerability, any exposed instance of the vulnerable version is at risk from remote attackers without requiring user interaction. This elevates the threat level for organizations with publicly accessible EzGED3 web interfaces, especially those integrated with phpMyAdmin or similar database management tools. The impact is amplified in sectors handling sensitive or regulated data such as finance, healthcare, and government within Europe.

European organizations should immediately verify if they are running EzGED3 version 3.5.0 or any version prior to 3.5.72.27183 and prioritize upgrading to the patched version 3.5.72.27183. Until patching is complete, organizations should restrict external access to the EzGED3 web interface using network-level controls such as firewalls, VPNs, or IP whitelisting to limit exposure. Implement web application firewalls (WAFs) with rules to detect and block directory traversal attempts targeting the vulnerable script. Conduct thorough audits of server file permissions and remove or restrict access to sensitive files and database dumps. If phpMyAdmin or similar tools are exposed, restrict their access or secure them with strong authentication and network segmentation. Monitor logs for unusual file access patterns or repeated attempts to exploit path traversal. Additionally, perform regular backups of critical data and ensure incident response plans are updated to address potential data breaches stemming from this vulnerability. Finally, conduct security awareness training for administrators to recognize and respond to exploitation attempts.