Unauthenticated File Read Vulnerability in EzGED3 by Ballpoint Technologies
CVE-2025-51539

5.3 MEDIUM

Key Information:

CVE Published: 19 August 2025

What is CVE-2025-51539?

EzGED3 version 3.5.0 is susceptible to an unauthenticated arbitrary file read vulnerability caused by improper access control and inadequate input validation in a specific PHP script. A remote attacker can manipulate path parameters to gain unauthorized access to sensitive files on the filesystem. Because the affected script lacks sufficient authentication checks and secure path handling, it is vulnerable to directory traversal attacks. Such attacks can expose critical files, including configuration settings, database information, and sensitive source code. Where phpMyAdmin is accessible, the compromised credentials can facilitate direct administrative access. Even in environments lacking these tools, attackers can exploit this vulnerability to extract entire databases by targeting raw MySQL data files. The flaw is addressed in version 3.5.72.27183.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved