CVE-2025-65278 is a vulnerability discovered in the GroceryMart application, specifically in the users.json file committed in October 2020. This file improperly stores sensitive user credentials, including plaintext usernames and passwords, without any access restrictions. The vulnerability allows unauthenticated remote attackers to access this file and extract sensitive information, violating confidentiality principles. The root cause is twofold: exposure of sensitive information (CWE-200) and cleartext storage of credentials (CWE-312). The CVSS v3.1 score is 7.5, reflecting a high severity due to the vulnerability's network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a high impact on confidentiality (C:H) without affecting integrity or availability. Although no patches or known exploits are currently documented, the presence of plaintext credentials accessible without authentication represents a critical security flaw. Attackers exploiting this vulnerability could gain unauthorized access to user accounts, potentially leading to further compromise of the application or associated systems. The vulnerability highlights poor security practices in credential management and access control within GroceryMart, necessitating urgent remediation.

For European organizations, this vulnerability poses a significant risk of credential theft, which can lead to unauthorized access to user accounts and potentially escalate to broader system compromise. Retailers and businesses using GroceryMart or similar software that mishandles user credentials are particularly vulnerable. The exposure of plaintext passwords can facilitate credential stuffing attacks, lateral movement within networks, and data breaches affecting customer privacy and business operations. The breach of confidentiality undermines trust and may lead to regulatory penalties under GDPR due to inadequate protection of personal data. Additionally, compromised credentials could be used to access other linked systems or services if password reuse occurs. The impact is amplified in sectors with high customer interaction and sensitive transactional data, such as retail chains and e-commerce platforms prevalent in Europe.

To mitigate this vulnerability, organizations should immediately restrict access to the users.json file by implementing strict file permissions and access controls to prevent unauthenticated access. Encrypting stored credentials using strong, salted hashing algorithms (e.g., bcrypt, Argon2) instead of plaintext storage is critical. Conduct a thorough audit of all credential storage mechanisms within GroceryMart and related systems to ensure no other sensitive data is exposed. Implement multi-factor authentication (MFA) to reduce the risk of compromised credentials leading to account takeover. Regularly monitor access logs for unusual activity related to sensitive files. Apply secure development lifecycle practices to prevent similar issues, including code reviews focused on data exposure and secure storage. If possible, update or patch the GroceryMart application once a fix becomes available. Educate staff on secure credential handling and incident response procedures to quickly address potential exploitation.