CData API Server Vulnerability Exposing Sensitive Information Through MySQL Misconfiguration
CVE-2025-9273

4.3MEDIUM

Key Information:

Vendor: Cdata
Status: Api Server
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-9273?

A vulnerability exists in the CData API Server that allows remote attackers to potentially disclose sensitive information. This flaw stems from a misconfiguration in the MySQL connection settings, which permits the server to request local files from the MySQL client. While authentication is required to exploit this weakness, it poses a significant risk by allowing access to sensitive information in the context of NETWORK SERVICE. Organizations using the CData API Server should apply necessary security measures to mitigate this risk.

Affected Version(s)

API Server 23.0.8844.0

References

https://www.zerodayinitiative.com/advisories/ZDI-25-852/

x_research-advisory

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Aug 20, 2025

Cdata

What is CVE-2025-9273?

Affected Version(s)

References

CVSS V3.0

Timeline