CVE-2025-43928
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Apr 20, 2025
Updated: Apr 24, 2025
CWE ID 24
CWE ID 22
Summary
CVE-2025-43928 is a directory traversal vulnerability affecting Infodraw Media Relay Service (MRS) version 7.1.0.0. The issue lies in the MRS web server, which listens on port 12654. An attacker can exploit this vulnerability by manipulating the username field to read arbitrary files, including ServerParameters.xml. This file may contain administrator credentials in cleartext or MD5-hashed form. Successful exploitation could lead to unauthorized access to the system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.