CVE-2025-8590: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in AKCE Software Technology R&D Industry and Trade Inc. SKSPro
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing. This issue affects SKSPro: through 07012026.
AI Analysis
Technical Summary
CVE-2025-8590 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the SKSPro product developed by AKCE Software Technology R&D Industry and Trade Inc. The root cause of this vulnerability is improper handling of directory indexing, which allows attackers to enumerate and access directory contents that should be restricted. This exposure can reveal sensitive files or configuration data that could aid further attacks or result in data leakage. The vulnerability affects all versions of SKSPro up to 07012026. The CVSS 3.1 base score is 7.5, indicating a high severity level due to its network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is primarily on confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N). Although no public exploits are currently known, the ease of exploitation and the nature of the vulnerability make it a significant risk. The vulnerability was reserved in August 2025 and published in February 2026, with no patches currently available, emphasizing the need for interim mitigations such as disabling directory indexing on affected servers or restricting access via network controls.
Potential Impact
For European organizations, this vulnerability poses a significant risk of unauthorized disclosure of sensitive information, which could include intellectual property, personal data, or internal configuration files. Such exposure can lead to privacy breaches under GDPR, reputational damage, and potential regulatory penalties. Organizations in sectors such as manufacturing, research, and trade that rely on SKSPro for operational or R&D activities may face competitive disadvantages if proprietary data is leaked. The vulnerability's network accessibility and lack of authentication requirements increase the likelihood of exploitation by external attackers. While no integrity or availability impacts are noted, the confidentiality breach alone can facilitate further attacks or social engineering campaigns. The absence of known exploits provides a window for proactive defense, but the high CVSS score indicates urgency in addressing the issue.
Mitigation Recommendations
1. Immediately disable directory indexing on all SKSPro installations to prevent unauthorized directory enumeration.
2. Implement strict access controls and network segmentation to limit exposure of SKSPro servers to trusted internal networks only.
3. Monitor web server logs and network traffic for unusual directory access patterns or unauthorized requests.
4. Apply vendor patches promptly once released; maintain close communication with AKCE Software Technology R&D Industry and Trade Inc. for updates.
5. Conduct a thorough audit of exposed directories to identify and secure sensitive files.
6. Employ web application firewalls (WAFs) with rules to block directory indexing attempts.
7. Educate IT staff on the risks of directory indexing and ensure secure default configurations in future deployments.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect reconnaissance activities targeting SKSPro.
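A starting point for recommendation 3, as an added example (not code from this advisory or from the vendor): it scans access-log lines for clients that were served several distinct directory paths with HTTP 200. Assumptions: the web server in front of SKSPro writes Combined Log Format; the sample lines, the `min_dirs` threshold and the Apache mod_autoindex sort-link pattern are illustrative, since the page does not say which web server SKSPro runs on.

```python
import re
from collections import defaultdict

# Constructed sample in Combined Log Format (assumed); addresses and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2026:10:00:01 +0000] "GET /uploads/ HTTP/1.1" 200 2314 "-" "ExampleClient/1.0"
198.51.100.7 - - [01/Jan/2026:10:00:02 +0000] "GET /uploads/2025/ HTTP/1.1" 200 1876 "-" "ExampleClient/1.0"
198.51.100.7 - - [01/Jan/2026:10:00:03 +0000] "GET /backup/ HTTP/1.1" 200 1502 "-" "ExampleClient/1.0"
198.51.100.7 - - [01/Jan/2026:10:00:04 +0000] "GET /backup/?C=M;O=D HTTP/1.1" 200 1502 "-" "ExampleClient/1.0"
198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /config/ HTTP/1.1" 403 199 "-" "ExampleClient/1.0"
203.0.113.20 - - [01/Jan/2026:10:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"
203.0.113.20 - - [01/Jan/2026:10:01:05 +0000] "GET /app/login HTTP/1.1" 200 3071 "-" "ExampleBrowser/1.0"
203.0.113.20 - - [01/Jan/2026:10:01:09 +0000] "GET /docs/ HTTP/1.1" 200 4410 "-" "ExampleBrowser/1.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-)'
)
# Column-sort links generated by Apache mod_autoindex listings (assumed server).
SORT_RE = re.compile(r"^C=[NMSD][;&]O=[AD]$")

def served_directories(log_text):
    """Yield (ip, path, query) for GET/HEAD requests to a directory path answered 200."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD") or m["status"] != "200":
            continue
        path, _, query = m["target"].partition("?")
        # A 200 on a non-root path ending in "/" is a default document or a listing.
        if path.endswith("/") and path != "/":
            yield m["ip"], path, query

def flag_enumeration(log_text, min_dirs=3):
    """Clients that were served at least min_dirs distinct directories."""
    seen = defaultdict(set)
    for ip, path, _ in served_directories(log_text):
        seen[ip].add(path)
    return {ip: sorted(paths) for ip, paths in seen.items() if len(paths) >= min_dirs}

def autoindex_sort_requests(log_text):
    """Requests whose query string matches a generated listing's sort link."""
    return [(ip, f"{path}?{query}")
            for ip, path, query in served_directories(log_text) if SORT_RE.match(query)]

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
    print(autoindex_sort_requests(SAMPLE_LOG))
```

Directories flagged here are also the first candidates for the audit in recommendation 5, because the server has already answered them with content.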
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: TR-CERT
- Date Reserved: 2025-08-05T09:50:33.306Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6981a400f9fa50a62facb80e
Added to database: 2/3/2026, 7:30:08 AM
Last enriched: 2/3/2026, 7:44:29 AM
Last updated: 2/3/2026, 9:17:03 AM