CVE-2025-11079
Published: 27 September 2025
Summary
CVE-2025-11079 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Campcodes Farm Management System. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 38.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-11079 is a vulnerability in Campcodes Farm Management System 1.0 that enables file and directory information exposure through manipulation of an unknown functionality. Published on 2025-09-27, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges or user interaction required, and low confidentiality impact. The issue maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-538 (Insertion of Sensitive Information into Log File), and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
Unauthenticated remote attackers can exploit this vulnerability without privileges, leveraging its low complexity to trigger the exposure of file and directory details. Exploitation remains confined to confidentiality impacts, with no disruption to integrity or availability, but the public release of an exploit increases the risk of widespread probing or attacks against exposed instances.
VulDB advisories (CTI ID 326119, ID 326119, submit 661199) confirm the remote exploitability and public disclosure of proof-of-concept code. A related GitHub issue at unicorn33355/cve/issues/1 provides further details, while the vendor site at campcodes.com offers context on the affected software, though no specific patches or mitigations are outlined in the references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31439
Vulnerability details
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit has been…
more
released to the public and may be exploited.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directory traversal vulnerability in public-facing web application enables remote exploitation (T1190) for file and directory discovery (T1083) and potential sensitive information exposure without authentication.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces access control policies to block unauthenticated remote retrieval of file and directory information.
Requires validation of inputs that manipulate pathnames or parameters, preventing the exposure described by CWE-22 and CWE-200.
Explicitly monitors for unauthorized information disclosure events matching the file/directory exposure in this CVE.