Home

Description

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" parameter of the public $SCHEMAS$ ressource is vulnerable and can be exploited easily.

PUBLISHED Reserved 2025-10-22 | Published 2025-10-27 | Updated 2025-10-27 | Assigner SEC-VLab

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

affected

Default status
unaffected

affected

Default status
unaffected

affected

Credits

Lukas Donaubauer, SEC Consult Vulnerability Lab finder

References

r.sec-consult.com/mpdv

cve.org (CVE-2025-12055)

nvd.nist.gov (CVE-2025-12055)

Download JSON