AI description
CVE-2025-43928 is a path traversal vulnerability found in Infodraw Media Relay Service (MRS) 7.1.0.0. Specifically, the MRS web server (running on port 12654) is susceptible to arbitrary file reading due to improper input validation in the username field. By using "../" sequences, an attacker can access files outside the intended directory. Successful exploitation of this vulnerability allows an unauthenticated attacker to read sensitive files on the system. For example, reading the ServerParameters.xml file could reveal administrator credentials, potentially stored in cleartext or as MD5 hashes. This vulnerability affects both Windows and Linux versions of MRS.
- Description: In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
👀 Hackers could be one path away from your sensitive files! 🚨 New CVEs expose major flaws in Rack & Infodraw systems: 🔹 CVE-2025-27610 lets attackers read config files & credentials via path traversal. 🔹 Infodraw CVE-2025-43928 allows any file to be read or
@TheHackersNews
25 Apr 2025
🔴 Infodraw Media Relay Service (MRS), Directory Traversal, #CVE-2025-43928 (Critical) https://t.co/8XGL88Nc3H
@dailycve
24 Apr 2025
CVE-2025-43928 04/20/2025 03:15:35 AM BaseSeverity: MEDIUM In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Readi... https://t.co/A80gZly6qH
@CVETracker
20 Apr 2025
New post from https://t.co/uXvPWJy6tj (CVE-2025-43928 | Infodraw Media Relay Service 7.1.0.0 MRS Web Server Username path traversal) has been published on https://t.co/OjgUjL7qDh
@WolfgangSesin
20 Apr 2025
CVE-2025-43928 In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Re… https://t.co/ZdW1Zised6
@CVEnew
20 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:infodraw:pmrs-102_firmware:7.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8966F22A-73EE-4A7A-94C7-1630E4748785"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:infodraw:pmrs-102:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "647D8DF4-50B5-44BD-BF0E-950687E295BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]