CVE-2025-12055 Scanner - Path Traversal vulnerability in MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2
Short Info
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 2 weeks 11 hours
Scan only one: URL
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 are software solutions used in manufacturing execution systems across various industries. They are employed to monitor, control, and improve production processes. Businesses rely on these systems for data collection, analysis, and communication between production components, and they integrate with existing infrastructure. They provide real-time data that helps operators make informed decisions, maximize productivity, and minimize downtime.
The Path Traversal vulnerability detected in MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 allows unauthorized access to the file system, letting users read arbitrary OS files. It arises from improper validation of the "Filename" parameter in the $SCHEMAS$ resource. If exploited, attackers can bypass security controls and gain access to sensitive files. The information gathered about the system's configuration can then support further escalation. Systems running the affected versions are exposed to this kind of file-system exploration until they are patched, which makes timely patches and updates important.
The vulnerability lies in the "Filename" parameter of the $SCHEMAS$ resource endpoint. Manipulating the parameter allows OS files to be retrieved without proper authorization. By sending a crafted GET request, attackers can access vital configuration files, like the "win.ini" file on Windows. The vulnerability doesn't require authentication, so it is reachable by remote attackers. The response code and content type of the reply help confirm that an endpoint is vulnerable. Exploitation also doesn't rely on any specific user privileges, which makes this a significant security concern for affected versions.
If exploited, this vulnerability could lead to unauthorized data access, enabling attackers to view sensitive system files and configurations. Potential effects include the exposure of confidential data, insight into application setups, and the possibility of further exploiting the system using the gathered information. Attackers could also identify other weaknesses or establish persistence within the system. These unauthorized disclosures can undermine the system's integrity and potentially lead to severe data breaches. The exposure of sensitive information affects not just system security but also compliance with data protection regulations.
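For asset owners who want to check their own web or reverse-proxy logs for the request pattern described above, here is an added example (not part of the original page or of any vendor tooling). It flags requests to the $SCHEMAS$ resource whose "Filename" parameter resolves to a traversal sequence or an absolute path; the log lines and the URL layout around $SCHEMAS$ are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines. The URL layout around "$SCHEMAS$" is
# hypothetical; only the resource name and the "Filename" parameter
# come from the description on this page.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2025:10:01:02 +0000] "GET /app/$SCHEMAS$/get?Filename=order.xsd HTTP/1.1" 200 812
203.0.113.9 - - [12/Nov/2025:10:01:05 +0000] "GET /app/%24SCHEMAS%24/get?filename=..%5C..%5C..%5Cwindows%5Cwin.ini HTTP/1.1" 200 92
203.0.113.9 - - [12/Nov/2025:10:01:06 +0000] "GET /app/$SCHEMAS$/get?Filename=%252e%252e%252f%252e%252e%252fwindows%252fwin.ini HTTP/1.1" 404 0
198.51.100.4 - - [12/Nov/2025:10:02:00 +0000] "GET /app/$SCHEMAS$/get?Filename=C:%5Cwindows%5Cwin.ini HTTP/1.1" 200 92
198.51.100.4 - - [12/Nov/2025:10:02:10 +0000] "GET /index.html?Filename=../x HTTP/1.1" 200 10
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True for '..' path segments, rooted paths, or Windows drive paths."""
    name = fully_decode(filename).replace("\\", "/")
    return (".." in name.split("/") or name.startswith("/")
            or re.match(r"[A-Za-z]:", name) is not None)

def suspicious_requests(log_text):
    """Return (client, status, decoded Filename) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if "$schemas$" not in fully_decode(url.path).lower():
            continue  # not the resource named in the advisory
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "filename" and is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that was answered with status 200 deserves priority review, since it suggests the file was actually returned.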