CVE-2025-11079
Published: 27 September 2025
Summary
CVE-2025-11079 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Campcodes Farm Management System. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 48.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Review and removal of nonpublic information from publicly accessible systems directly prevents exposure of sensitive data to unauthorized actors.
Monitoring directly detects unauthorized disclosure of sensitive information, enabling response to exposures.
A data action map identifies locations where sensitive information may be exposed to unauthorized actors during processing or transfer.
The control's identification, isolation, alerting, and eradication steps directly limit the impact and exploitation window of unauthorized sensitive information exposure.
Categorization identifies sensitive data so that confidentiality protections commensurate with impact level are selected and documented.
The assessment process surfaces design decisions that could expose sensitive (including PII) data to unauthorized actors, prompting controls that reduce such exposure.
Tainting directly detects exfiltration resulting from exposure of sensitive information to unauthorized actors.
OPSEC controls directly protect supply chain information from unauthorized observation or disclosure.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directory traversal vulnerability in public-facing web application enables remote exploitation (T1190) for file and directory discovery (T1083) and potential sensitive information exposure without authentication.
NVD Description
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit has been…
more
released to the public and may be exploited.
Deeper analysisAI
CVE-2025-11079 is a vulnerability in Campcodes Farm Management System 1.0 that enables file and directory information exposure through manipulation of an unknown functionality. Published on 2025-09-27, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges or user interaction required, and low confidentiality impact. The issue maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-538 (Insertion of Sensitive Information into Log File), and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
Unauthenticated remote attackers can exploit this vulnerability without privileges, leveraging its low complexity to trigger the exposure of file and directory details. Exploitation remains confined to confidentiality impacts, with no disruption to integrity or availability, but the public release of an exploit increases the risk of widespread probing or attacks against exposed instances.
VulDB advisories (CTI ID 326119, ID 326119, submit 661199) confirm the remote exploitability and public disclosure of proof-of-concept code. A related GitHub issue at unicorn33355/cve/issues/1 provides further details, while the vendor site at campcodes.com offers context on the affected software, though no specific patches or mitigations are outlined in the references.
Details
- CWE(s)