PHP Info Exposure in Contec's HMI System Version Before 3.7.7
CVE-2025-34081

6.9MEDIUM

Key Information:

Vendor: Contec Co.,ltd.
Status: Conprosys Hmi System (chs)
Vendor: CVE Published:; 1 July 2025

🔔 Create Contec Co.,ltd. Vulnerability Alert

What is CVE-2025-34081?

The CONPROSYS HMI System by Contec Co.,Ltd. contains a vulnerability that exposes a PHP phpinfo() debug page to unauthenticated users. This exposure allows unauthorized users to access potentially sensitive configuration data, which can be leveraged by attackers for further exploitation of the system. It is critical that users of versions prior to 3.7.7 take immediate steps to secure their systems against this vulnerability.

Affected Version(s)

CONPROSYS HMI System (CHS) 0

References

https://jvn.jp/en/vu/JVNVU92266386/

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Alex Williams of Converge Technology Solutions