We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-34119

EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43



Description

A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.

Reserved 2025-04-15 | Published 2025-07-16 | Updated 2025-07-16 | Assigner VulnCheck


HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-668 Exposure of Resource to Wrong Sphere

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

2.2.14
affected

Credits

R-73eN finder

References

raw.githubusercontent.com/...c/easycafe_server_fileaccess.rb exploit

www.exploit-db.com/exploits/39102 exploit

www.vulncheck.com/...easy-cafe-server-remote-file-disclosure third-party-advisory

cve.org (CVE-2025-34119)

nvd.nist.gov (CVE-2025-34119)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-34119

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.