CVE-2025-0472
Published: 16 January 2025
Summary
CVE-2025-0472 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Sigb Pmb. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 50.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Deeper analysis
CVE-2025-0472 is an information exposure vulnerability in the PMB platform, affecting versions 4.2.13 and earlier. Published on 2025-01-16, the flaw allows an attacker to upload a file to the environment and enumerate internal files on the machine by inspecting the request response. It is linked to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-434 (Unrestricted Upload of File with Dangerous Type), with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact.
An unauthenticated attacker (PR:N) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By uploading a file and analyzing the response, the attacker achieves enumeration of internal files, resulting in significant information disclosure (C:H) without impacting integrity or availability.
The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform provides details on this and other vulnerabilities in the PMB platform, including recommended mitigations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1697
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in the public-facing PMB application enables unauthenticated file upload (T1105, Ingress Tool Transfer) and enumeration of internal files (T1083, File and Directory Discovery) by inspecting the upload response; because the application is exposed, it is directly exploitable through Exploit Public-Facing Application (T1190).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly validates uploaded files to prevent unrestricted uploads of dangerous types that enable internal file enumeration.
- SI-11 (Error Handling): ensures error handling in responses does not expose sensitive internal file paths or machine information during upload attempts.
- Filters information outputs in request responses to block disclosure of internal files enumerated via the upload vulnerability.
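To make the failure mode in the "Deeper analysis" section and the SI-10/SI-11 controls above concrete, here is an added example (constructed for this page, not PMB's code): an upload handler whose responses act as a file-existence oracle, beside a hardened version that allow-lists the file type, discards the client-supplied name, and keeps path details in a server-side log. The upload root, the simulated filesystem and the extension allow-list are placeholders.

```python
import os
import secrets
from dataclasses import dataclass

# Constructed server layout; placeholders, not PMB's real paths.
# Membership in FAKE_FS stands in for os.path.exists() so the example runs offline.
UPLOAD_ROOT = "/var/www/app/uploads"
FAKE_FS = {"/var/www/app/uploads", "/var/www/app/config", "/var/www/app/config/db.php"}
ALLOWED_EXT = {".pdf", ".png", ".jpg"}


@dataclass
class Response:
    status: int
    body: str


def vulnerable_upload(filename: str) -> Response:
    """Trusts the client-supplied name (CWE-434) and echoes filesystem state
    back to the caller (CWE-200): the distinct, path-bearing outcomes tell a
    remote client which internal files and directories exist."""
    target = os.path.normpath(os.path.join(UPLOAD_ROOT, filename))
    if target in FAKE_FS:
        return Response(409, f"Cannot write {target}: file already exists")
    if os.path.dirname(target) not in FAKE_FS:
        return Response(500, f"Cannot write {target}: no such directory")
    return Response(200, f"Stored at {target}")


def hardened_upload(filename: str, content: bytes, audit_log: list) -> Response:
    """SI-10: allow-list the extension and discard the client name entirely,
    so no path component from the request reaches the filesystem.
    SI-11: every failure returns the same generic body; the resolved path and
    the rejection reason go only to the server-side audit log."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in ALLOWED_EXT or not content:
        audit_log.append(f"rejected upload name={filename!r} ext={ext!r}")
        return Response(400, "Upload rejected")
    stored = os.path.join(UPLOAD_ROOT, secrets.token_hex(16) + ext)
    audit_log.append(f"stored {stored} ({len(content)} bytes)")
    return Response(201, "Upload accepted")
```

Compare the bodies returned by `vulnerable_upload` for an existing and a missing path to see the oracle; `hardened_upload` returns an identical body in both cases.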