CVE-2025-43928

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 20, 2025
Updated: Apr 24, 2025
CWE ID 24
CWE ID 22

Summary

CVE-2025-43928 is a directory traversal vulnerability affecting Infodraw Media Relay Service (MRS) version 7.1.0.0. The issue lies in the MRS web server, which listens on port 12654. An attacker can exploit this vulnerability by manipulating the username field to read arbitrary files, including ServerParameters.xml. This file may contain administrator credentials in cleartext or MD5-hashed form. Successful exploitation could lead to unauthorized access to the system.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share