
CVE-2025-57430: n/a

Severity: High
Published: Mon Sep 22 2025 (09/22/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.

AI-Powered Analysis

Last updated: 09/30/2025, 00:53:26 UTC

Technical Analysis

CVE-2025-57430 is a high-severity vulnerability affecting Creacast Creabox Manager version 4.4.4. The publicly accessible /get endpoint returns internal configuration files, including creacodec.lua, which contains plaintext administrator credentials. This is an information disclosure vulnerability categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The root cause is improper access control on a sensitive endpoint, allowing unauthenticated users to retrieve critical configuration files.

The vulnerability has a CVSS v3.1 base score of 7.5, indicating a high severity level. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) shows that it is remotely exploitable over the network with low attack complexity and without any authentication or user interaction. The impact is primarily on confidentiality: attackers can retrieve admin credentials in plaintext, potentially enabling unauthorized access to the management interface or other privileged functions, and from there further compromise of the affected systems or networks. The vulnerability does not directly affect integrity or availability.

No known exploits are currently reported in the wild, and no patches have been linked yet. The record does not specify affected versions: the vulnerability is confirmed for version 4.4.4, but it is unclear whether earlier or later versions are impacted.

Potential Impact

For European organizations using Creacast Creabox Manager 4.4.4, this vulnerability poses a significant risk to the confidentiality of administrative credentials. Unauthorized disclosure of these credentials could lead to unauthorized administrative access, enabling attackers to manipulate device configurations, intercept or redirect media streams, or pivot within the network to access other critical systems. Given that Creacast products are often used in media streaming and broadcasting environments, organizations in media, telecommunications, and content delivery sectors are particularly at risk. The exposure of admin credentials could also facilitate espionage, data theft, or disruption of services. Since the vulnerability requires no authentication or user interaction and can be exploited remotely, the attack surface is broad, increasing the likelihood of exploitation if the endpoint is publicly accessible. This could lead to reputational damage, regulatory penalties under GDPR for inadequate protection of sensitive information, and operational disruptions. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity score underscores the urgency for European organizations to address this vulnerability promptly.

Mitigation Recommendations

European organizations should immediately audit their Creacast Creabox Manager deployments to determine if version 4.4.4 is in use and whether the /get endpoint is accessible externally. Specific mitigation steps include:

1) Restrict network access to the /get endpoint by implementing firewall rules or network segmentation to ensure it is not reachable from untrusted networks or the internet.
2) Implement strong access controls and authentication mechanisms on management endpoints to prevent unauthorized access.
3) If possible, disable or remove the /get endpoint or any functionality that exposes sensitive configuration files until a vendor patch is available.
4) Monitor network traffic and logs for any suspicious access attempts to the /get endpoint or unusual administrative activity.
5) Rotate administrative credentials immediately if exposure is suspected or confirmed.
6) Engage with Creacast support or vendor channels to obtain patches or updates addressing this vulnerability as soon as they become available.
7) Conduct security awareness training for IT staff to recognize and respond to potential exploitation attempts.

These targeted actions go beyond generic advice by focusing on network-level controls, credential hygiene, and proactive monitoring tailored to the specific vulnerability.
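One way to carry out the log monitoring and credential-rotation decision described above, as an added example that is not part of the original advisory or any Creacast tooling. It assumes the management interface sits behind a reverse proxy or web server that writes Common/Combined Log Format access logs; the trusted management network and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: networks that are allowed to reach the management interface.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "127.0.0.0/8")]

# Common/Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
10.20.0.15 - - [23/Sep/2025:08:01:12 +0000] "GET /get HTTP/1.1" 200 4312
198.51.100.7 - - [23/Sep/2025:09:14:03 +0000] "GET /get HTTP/1.1" 200 4312
198.51.100.7 - - [23/Sep/2025:09:14:09 +0000] "GET /get?x=1 HTTP/1.1" 200 4312
203.0.113.44 - - [23/Sep/2025:10:02:51 +0000] "GET /get HTTP/1.1" 403 153
203.0.113.44 - - [23/Sep/2025:10:03:00 +0000] "GET /getting-started HTTP/1.1" 200 900
this line is malformed and must be skipped
"""

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source address: treat as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_exposures(log_text):
    """Return {source_ip: [timestamps]} for 2xx responses to /get from untrusted sources."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Compare the path only, so query strings and a trailing slash still match.
        path = urlsplit(m["target"]).path.rstrip("/")
        if path != "/get" or not m["status"].startswith("2"):
            continue  # other endpoints, or requests that were already blocked
        if not is_trusted(m["ip"]):
            hits[m["ip"]].append(m["ts"])
    return dict(hits)

if __name__ == "__main__":
    for ip, seen in find_exposures(SAMPLE_LOG).items():
        print(f"{ip}: {len(seen)} successful /get response(s), first {seen[0]}, last {seen[-1]}")
```

Any source returned by `find_exposures` received the configuration successfully from outside the management network, which is the "exposure is suspected or confirmed" condition for rotating the administrative credentials.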


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-17T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68d1e592efb46fd03052629e

Added to database: 9/23/2025, 12:10:58 AM

Last enriched: 9/30/2025, 12:53:26 AM

Last updated: 10/7/2025, 12:18:30 PM
