Cyber Resilience

CVE-2025-0472

High

Published: 16 January 2025

Published
16 January 2025
Modified
07 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0026 50.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0472 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Sigb Pmb. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 50.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

CVE-2025-0472 is an information exposure vulnerability in the PMB platform, affecting versions 4.2.13 and earlier. Published on 2025-01-16, the flaw allows an attacker to upload a file to the environment and enumerate internal files on the machine by inspecting the request response. It is linked to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-434 (Unrestricted Upload of File with Dangerous Type), with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact.

An unauthenticated attacker (PR:N) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By uploading a file and analyzing the response, the attacker achieves enumeration of internal files, resulting in significant information disclosure (C:H) without impacting integrity or availability.

The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform provides details on this and other vulnerabilities in the PMB platform, including recommended mitigations.

EU & UK References

Vulnerability details

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Vuln in public-facing PMB app enables unauth file upload (T1105) and internal file enumeration (T1083) via response inspection; directly exploitable as public app (T1190).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0471Same product: Sigb Pmb
CVE-2025-61168Same product: Sigb Pmb
CVE-2025-0473Same product: Sigb Pmb
CVE-2026-2269Shared CWE-434
CVE-2025-25783Shared CWE-434
CVE-2025-27683Shared CWE-434
CVE-2024-41340Shared CWE-434
CVE-2025-6207Shared CWE-434
CVE-2026-5573Shared CWE-434
CVE-2024-50620Shared CWE-434

Affected Assets

sigb
pmb
≤ 4.2.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates uploaded files to prevent unrestricted uploads of dangerous types that enable internal file enumeration.

prevent

Ensures error handling in responses does not expose sensitive internal file paths or machine information during upload attempts.

prevent

Filters information outputs in request responses to block disclosure of internal files enumerated via the upload vulnerability.

References