CVE-2025-7426

Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs

CVSS

No CVSS.

References

Link	Resource
https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html
https://www.minova.de/de/tta.html
https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-25 09:15

Updated : 2025-08-25 20:24

NVD link : CVE-2025-7426

Mitre link : CVE-2025-7426

CVE.ORG link : CVE-2025-7426

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-312

Cleartext Storage of Sensitive Information

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2025-7426", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-25T09:15:29.110", "references": [{"url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html", "source": "[email protected]"}, {"url": "https://www.minova.de/de/tta.html", "source": "[email protected]"}, {"url": "https://www.cryptron.ch/en/blog-detail/security-advisory-CVE-2025-7426-en.html", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-312"}, {"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.\u00a0 Debug ports\u00a01602,\u00a01603 and\u00a01636 also expose service architecture information and\u00a0system activity logs"}, {"lang": "es", "value": "Divulgaci\u00f3n de informaci\u00f3n y exposici\u00f3n de credenciales FTP de autenticaci\u00f3n a trav\u00e9s del puerto de depuraci\u00f3n 1604 del servicio MINOVA TTA. Esto permite el acceso remoto no autenticado a una cuenta FTP activa que contiene datos internos confidenciales y estructuras de importaci\u00f3n. En entornos donde este servidor FTP forma parte de procesos de negocio automatizados (p. ej., EDI o integraci\u00f3n de datos), esto podr\u00eda dar lugar a la manipulaci\u00f3n, extracci\u00f3n o abuso de datos. Los puertos de depuraci\u00f3n 1602, 1603 y 1636 tambi\u00e9n exponen informaci\u00f3n de la arquitectura del servicio y registros de actividad del sistema."}], "lastModified": "2025-08-25T20:24:45.327", "sourceIdentifier": "[email protected]"}