Information Disclosure Vulnerability in EasyCVR by Anhui Xufan Information Technology
CVE-2025-1595

6.9MEDIUM

Key Information:

Vendor

Anhui Xufan Information Technology

Status
Easycvr
Vendor
CVE Published:
23 February 2025

Badges

👾 Exploit Exists

What is CVE-2025-1595?

A recently identified vulnerability in EasyCVR, developed by Anhui Xufan Information Technology, is associated with unauthorized access to sensitive information through the file /api/v1/getbaseconfig. This weakness enables remote attackers to exploit unknown code paths, leading to the potential leakage of confidential data. Despite early notification of the vendor regarding this issue, there has been no response or resolution. Users are urged to review their security measures and monitor for unauthorized access attempts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EasyCVR 2.0

EasyCVR 2.1

EasyCVR 2.2

References

https://vuldb.com/?id.296590
vdb-entry
https://vuldb.com/?ctiid.296590
signaturepermissions-required
https://vuldb.com/?submit.497485
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

MHKD (VulDB User)
JSON
.